D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-323 => Topic started by: liammaps2010 on July 22, 2010, 12:10:28 PM

Title: How easy is it to hack into the DNS-323?
Post by: liammaps2010 on July 22, 2010, 12:10:28 PM

How easy is it to hack into this NAS. I logged on and noticed that I was user #3. I am the only user. How could this be? I was trying to log in early with a second FTP client (WinSCP) but was not successful and had closed that program just prior to logging in with FireFTP.

I was stupid enough to have my login name posted on a thread that showed my IP address. Was I hacked?

Title: Re: How easy is it to hack into the DNS-323
Post by: fordem on July 22, 2010, 12:26:21 PM

Define "hack into"

This is a NAS, and should be on a network with some sort of firewall protection - if you open a hole in that firewall and make the NAS accessible to the public and someone who has somehow obtained your username & password gains access - does that mean it's been hacked?

You may have been hacked - but was the NAS hacked?  How is the NAS to know that the person presenting the credentials (which are correct) is not authorized to have those credentials?

Now if I were to scan your ISPs network range and get a response on an open port and then gain entry without having your credentials ....

- that would be a different matter - wouldn't it?

Just change the username & password.

Title: Re: How easy is it to hack into the DNS-323
Post by: liammaps2010 on July 22, 2010, 12:30:12 PM

Quote from: fordem on July 22, 2010, 12:26:21 PM

Define "hack into"

This is a NAS, and should be on a network with some sort of firewall protection - if you open a hole in that firewall and make the NAS accessible to the public and someone who has somehow obtained your username & password gains access - does that mean it's been hacked?

You may have been hacked - but was the NAS hacked?  How is the NAS to know that the person presenting the credentials (which are correct) is not authorized to have those credentials?

Now if I were to scan your ISPs network range and get a response on an open port and then gain entry without having your credentials ....

- that would be a different matter - wouldn't it?

Just change the username & password.

By Hack I mean accessing your NAS and being able to do an FTP and all they know is your user name and IP address. How easy is it to bypass the password?

Title: Re: How easy is it to access the DNS-323 with just a user name and IP address?
Post by: liammaps2010 on July 22, 2010, 12:39:59 PM

Checked my FTP logs. I have been the only user downloading items.

Title: Re: How easy is it to hack into the DNS-323
Post by: fordem on July 22, 2010, 07:19:48 PM

Quote from: liammaps2010 on July 22, 2010, 12:30:12 PM

By Hack I mean accessing your NAS and being able to do an FTP and all they know is your user name and IP address. How easy is it to bypass the password?

As far as I know there are no mechanisms to prevent a hacker from running a bruteforce or dictionary attack - so the question becomes how secure is YOUR password?

The unit accepts up to 15 (maybe 16) characters in any combination of upper & lower case, along with numeric and special characters.