Loading ...
Sorry, an error occurred while loading the content.

1180Re: Some simple questions

Expand Messages
  • ladeeda168
    May 16, 2005
    • 0 Attachment
      Yes, I completely understand the vulnerability if I leave it in its
      stock condition. And I guess I wasn't clear...I wanted to know if
      anyone has modified their NSLU2 to become a more secure file
      server/gallery so that I don't have to expose the admin interface.
      I see some people have run web pages off the NSLU2, which is great,
      but web pages don't autoupdate with shared files (I'd have update an
      HTML list everytime)...

      Maybe I'm asking for something that doesn't exist?

      --- In nslu2-general@yahoogroups.com, "Computer Guy"
      <computerguy@t...> wrote:
      > Not necessarily; as a stock unit, the NSLU2 does not have ftp
      capability
      > (that I know of). The only way to access the actual shares is
      either
      > through the web interface (same interface used for administration)
      or
      > through NetBios. I personally wouldn't want people from outside
      my internal
      > network to have access to the standard NSLU2 web interface. There
      are too
      > many questions of security there. It is all a matter of
      acceptable risk;
      > for me, it is not acceptable as I have files on my NSLU2 that I
      don't want
      > accessible to anybody but me. If I didn't, I probably wouldn't
      worry as
      > much about it. However, if you offer the standard web interface
      to be the
      > main external access point, folks are one step closer to hacking
      into the
      > NSLU2 and destroying/manipulating your data.
      >
      > -----Original Message-----
      > From: nslu2-general@yahoogroups.com [mailto:nslu2-
      general@yahoogroups.com]
      > On Behalf Of ladeeda168
      > Sent: Monday, May 16, 2005 8:08 AM
      > To: nslu2-general@yahoogroups.com
      > Subject: [nslu2-general] Re: Some simple questions
      >
      > I understand what you're saying about security, but if I have a
      separate
      > server, wouldn't that defeat the purpose of the NSLU2?
      > Couldn't I just set up shared files on the same web/ftp server?
      Or am I
      > misreading what you recommended?
      >
      > Thanks!
      >
      >
      >
      > --- In nslu2-general@yahoogroups.com, "Computer Guy"
      > <computerguy@t...> wrote:
      > > The NSLU2 has a web server enabled by default; this is the way
      you
      > access
      > > the admin interface. If you used DynDNS, you could point port 80
      > to your
      > > NSLU2 and people would be able to access the device through the
      > same web
      > > interface.
      > >
      > > As for security; that should be your primary concern... If you
      > allow
      > > everybody to have access through the web interface, as was stated
      > earlier,
      > > you are opening up a hole that hackers will attempt to gain
      access
      > through.
      > > While it may not be the easiest of solutions, it would still be
      > better to
      > > set up a separate web/ftp server and host the files through
      > there. That
      > > way, you have 2 layers of security - 1 from the NSLU2 and 1 from
      > your
      > > separate server. Just my $.02.
      > >
      > > Matt B.
      > >
      > > -----Original Message-----
      > > From: nslu2-general@yahoogroups.com [mailto:nslu2-
      > general@yahoogroups.com]
      > > On Behalf Of ladeeda168
      > > Sent: Sunday, May 15, 2005 11:35 PM
      > > To: nslu2-general@yahoogroups.com
      > > Subject: [nslu2-general] Re: Some simple questions
      > >
      > > Thanks for your help.
      > >
      > > I am concerned about #2 (sharing with people outside my
      > network)...What
      > > about all the people who run web servers off their NSLU2? How do
      > they keep
      > > from "being hacked?"
      > >
      > > All I wanna do is share photos and maybe a few other files with
      > family and
      > > friends...and I don't want to do it so they have to do it through
      > an FTP
      > > client.
      > >
      > > --- In nslu2-general@yahoogroups.com, "jncharli - tele2"
      > > <jncharli@t...> wrote:
      > > > Hello,
      > > >
      > > >
      > > >
      > > > 1) You should have assigned an Netbios Name to your
      NSLU2.
      > > >
      > > > All the shares you created will appear in « My Network place »
      > > with the name
      > > > of the NSLU2, and the name of the share.
      > > >
      > > > Note that if even if you haven't created any share, there
      should
      > > be 2 lines
      > > > by default :
      > > >
      > > > - admin1 on <NSLU2_Name_you_assigned>
      > > \\<NSLU2_Name_you_assigned>\admin
      > > > 1
      > > >
      > > > - disk 1 on <NSLU2_Name_you_assigned>
      > > > \\<NSLU2_Name_you_assigned>\disk 1
      > > >
      > > >
      > > >
      > > >
      > > >
      > > > 2) Be careful that allowing the outside world to connect
      > to
      > > your NSLU2
      > > > means that everybody connected to Internet is able to try and
      > hack
      > > your
      > > > files. This is a significant security concern that should be
      > > raised.
      > > >
      > > >
      > > >
      > > > To be able to share a ressource from outside your network (you
      > LAN
      > > = Local
      > > > Area Network), you must enable the `sharing protocol' (aka
      > > Netbios) to cross
      > > > your equipments (mainly your router).
      > > >
      > > >
      > > >
      > > > There are 3 steps to perform
      > > >
      > > >
      > > >
      > > > Step 0 : Check if your ISP doesn't block the Netbios ports
      > > >
      > > >
      > > >
      > > > Sometimes (more and more often), the ISP blocks the Netbios
      ports
      > > for
      > > > security reasons.
      > > >
      > > > You should check in the FAQ if your ISP blocks the Netbios
      > ports.
      > > If it the
      > > > case (like for mine), there is no real solution, other than
      > > changing your
      > > > ISP.
      > > >
      > > >
      > > >
      > > > Step 1 : Allow the Netbios trafic to cross your router/firewall
      > > >
      > > >
      > > >
      > > > Currently, most of the router embedd a firewall. You then must
      > > tell your
      > > > firewall embedded in the router you want to enable Netbios in
      > both
      > > direction
      > > > :
      > > >
      > > > TCP 137
      > > >
      > > > UDP 138
      > > >
      > > > TCP 139
      > > >
      > > > (sorry, there are maybe others, but here are the ports found in
      > > books).
      > > >
      > > >
      > > >
      > > > Step 2 : Tell your router what equipment (IP adress) will be
      the
      > > target of
      > > > incoming Netbios trafic
      > > >
      > > >
      > > >
      > > > You must configure your router to set the NSLU2 to be the
      > > destination of all
      > > > incoming Netbios requests.
      > > >
      > > > There is a common mode called `DMZ mode' that can be used. In
      > this
      > > mode, all
      > > > incoming requests (Netbios or not) are sent to a single IP
      > adress.
      > > This mode
      > > > should be used for tests purposes.
      > > >
      > > >
      > > >
      > > >
      > > >
      > > > Hope it can help
      > > >
      > > >
      > > >
      > > >
      > > >
      > > > Greetings
      > > >
      > > >
      > > >
      > > >
      > > >
      > > > _____
      > > >
      > > > De : nslu2-general@yahoogroups.com [mailto:nslu2-
      > > general@yahoogroups.com] De
      > > > la part de ladeeda168
      > > > Envoyé : samedi 14 mai 2005 08:39
      > > > À : nslu2-general@yahoogroups.com
      > > > Objet : [nslu2-general] Some simple questions
      > > >
      > > >
      > > >
      > > > I've been scouring the Wiki and this group for an answer, but
      > > don't
      > > > seem to be able to find what I need. I think these are very,
      > very
      > > > basic questions:
      > > >
      > > > 1) How is the drive that is attached to the NSLU2 viewed from
      in-
      >
      > > > network computers? Is it in "My Network Places?" I've tried
      > > looking
      > > > at the manual, but this simple question doesn't seem to be
      > > answered?
      > > >
      > > > 2) How do people OUT of my network view files? Is there a way
      to
      > > do
      > > > this without starting up an ftp client? Like a webpage based
      > > > interface? Or something else? I would like to eliminate the
      > FTP
      > > > component and just have someone type in my domain (which would
      > > then be
      > > > run off DynDNS)...
      > > >
      > > > Thanks!
      > > >
      > > >
      > > >
      > > >
      > > >
      > > >
      > > >
      > > > _____
      > > >
      > > > Yahoo! Groups Links
      > > >
      > > > * To visit your group on the web, go to:
      > > > http://groups.yahoo.com/group/nslu2-general/
      > > >
      > > > * To unsubscribe from this group, send an email to:
      > > > nslu2-general-unsubscribe@yahoogroups.com
      > > > <mailto:nslu2-general-unsubscribe@yahoogroups.com?
      > > subject=Unsubscribe>
      > > >
      > > > * Your use of Yahoo! Groups is subject to the Yahoo!
      > > > <http://docs.yahoo.com/info/terms/> Terms of Service.
      > > >
      > > >
      > > >
      > > > [Non-text portions of this message have been removed]
      > >
      > >
      > >
      > >
      > >
      > > Yahoo! Groups Links
      >
      >
      >
      >
      >
      > Yahoo! Groups Links
    • Show all 11 messages in this topic