D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-320 => Topic started by: iambigred on May 27, 2011, 01:36:44 AM

Title: Folders exposed via FTP server allow Anonymous access by default
Post by: iambigred on May 27, 2011, 01:36:44 AM

Hi,

One of the key reasons I purchased the DNS320 is to access files remotely from my office or parents house.  FTP seems to be the only option available to do this, so I enabled the FTP server, set my router to forward the ports to allow external access.

However, it seems that by default anonymous read/write access is permitted to the P2P folder (containing complete/incomplete bittorrent downloads) and to any external disk connected to the USB port.

There seems to be no way to turn this off which is a massive potential security risk.  Had I not realized these shares were exposed by default then my personal documents and data would have been accessible and vulnerable to anyone that happened to be scanning for open FTP servers.

In the web interface when I select either the P2P or USB volume share it does not allow me to edit them in order to disable FTP on these exposed shares.

Allowing anonymous read/write access by default is not a users desired or expected behavior!

Alex

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: hoppo1 on May 27, 2011, 04:54:00 AM

That does seem to be the default I have just enabled p2p and the share has ftp anonymous read / write by default  ::) I dont use ftp nor have it forwarding from my router but that is quite a worry if I did.

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: D-Link Multimedia on May 31, 2011, 08:53:18 AM

This will be fixed next firmware. You will be able to modify the share settings.

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: iambigred on May 31, 2011, 09:46:31 AM

Is there a release date for the new firmware?  If it takes too long then I might have to return the unit.

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: D-Link Multimedia on May 31, 2011, 10:07:43 AM

I have a beta firmware already on hand that has this change. So soon but a little longer for official release.

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: hoppo1 on June 01, 2011, 02:09:09 AM

How do you apply for beta? I have some issues that hopefully will be fixed in beta that could be fed back as part of the beta program.

thanks.

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: D-Link Multimedia on June 01, 2011, 08:09:59 AM

I run public betas in the Beta sub-forum. Once it is posted there you can grab a copy from our ftp. (link will be provided in the sub-forum when available)

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: Borkis72 on June 02, 2011, 07:14:26 AM

Is the beta up yet? To have an all open FTP is not what i expected when I bought my DNS-320. I need a fix for this fas. I should have bought the Netgear NAS...

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: D-Link Multimedia on June 02, 2011, 08:30:52 AM

I am working on getting the beta up by today hopefully.

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: AMcK on May 20, 2012, 03:08:03 PM

I have the latest firmware 2.03 dated 02/21/2012. Does this allow me to disable guest access to P2P and FTP. If so, how is it configured. By default, guest FTP access appears to be open. Regards. Andrew 

Title: Re: Folders exposed via FTP server allow Anonymous access by default
Post by: bohemus on May 23, 2012, 10:45:22 AM

Still appears that external USB drives are still shared by default over FTP to all users.