D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-323 => Topic started by: ReefUser on December 23, 2010, 05:00:32 PM

Title: Can a DNS323 be accessed directly from internet?
Post by: ReefUser on December 23, 2010, 05:00:32 PM

All my computers are protected with a robust software based firewall but the DNS-323 just sits there connected directly to one of the ports on my router. The router (WRT54G) is considered to be a hardware based firewall but how good is the protection it offers? Can someone snooping for an opening access it?

Also, I never assigned the DNS323 a password because I am not worried about anyone in my home changing anything in the setup menus. I wouldn't think so but does the password provide any protection from the outside?

Title: Re: Can a DNS323 be accessed directly from internet?
Post by: fordem on December 24, 2010, 04:05:45 AM

Are you seeking help to make this happen - or - are you asking about the possibility of it being hacked?

I suspect the latter, so ...

Most NAT routers will, by default, provide excellent protection against remote access - the translation process allows outbound connection requests, noting these in a table in memory; any inbound traffic corresponding to a previous outbound connection will be routed to the requesting host, but any inbound connection request, without a corresponding outbound connection will be discarded - the router, with no entry in the NAT table to match it against, has no idea which host it is meant for, so in the bit bucket it goes.

I want you to note, the preceding paragraph never mentions the firewall - it's all done by the NAT (network address translation) process running on the router.  If you never forward a port in your router, and your router does not support upnp (or has upnp disabled), preventing ports from being fowarded by hosts on the network without your knowledge, there is just no way to get past a NAT router - even if it has no firewall.

How safe is your particular setup?  That would depend on how your router/firewall is configured.

Title: Re: Can a DNS323 be accessed directly from internet?
Post by: ReefUser on December 26, 2010, 10:25:47 AM

Thanks for the response.

I just looked and did not see any option in the WRT54G setup menus referencing upnp so I have to assume the WRT54G does not support upnp.

I also checked the Security/Firewall setup. "Firewall Protection"is enabled and there are four options for "Block WAN Requests".
1. Block Anonymous Internet Requests
2. Filter Multicast
3. Filter Internet NAT Redirection
4. Filter IDENT(Port 113)
All are enabled except Filter Internet NAT Redirection. I do not know enough to know if this should also be enabled.

I suspect, based on your response, I do not need to worry about outside access to my DNS-323.

Title: Re: Can a DNS323 be accessed directly from internet?
Post by: scaramanga on December 26, 2010, 10:57:33 AM

You can test your security using on-line services such as ShieldsUP! (https://www.grc.com/x/ne.dll?bh0bkyd2).
Depending on the exact hardware revision of your WRT54GL (http://en.wikipedia.org/wiki/Linksys_WRT54G_series), you can install a 3rd party firmware to enhance it, such as DD-WRT (http://www.dd-wrt.com/site/index) or Tomatto (http://www.polarcloud.com/tomato). I tried both (on my WRT54GL) and settled for Tomatto.