• February 28, 2025, 05:38:28 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: How easy is it to hack into the DNS-323?  (Read 7202 times)

liammaps2010

  • Level 2 Member
  • **
  • Posts: 25
How easy is it to hack into the DNS-323?
« on: July 22, 2010, 12:10:28 PM »
How easy is it to hack into this NAS. I logged on and noticed that I was user #3. I am the only user. How could this be? I was trying to log in early with a second FTP client (WinSCP) but was not successful and had closed that program just prior to logging in with FireFTP.

I was stupid enough to have my login name posted on a thread that showed my IP address. Was I hacked?
« Last Edit: July 22, 2010, 12:40:49 PM by liammaps2010 »
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How easy is it to hack into the DNS-323
« Reply #1 on: July 22, 2010, 12:26:21 PM »
Define "hack into"

This is a NAS, and should be on a network with some sort of firewall protection - if you open a hole in that firewall and make the NAS accessible to the public and someone who has somehow obtained your username & password gains access - does that mean it's been hacked?

You may have been hacked - but was the NAS hacked?  How is the NAS to know that the person presenting the credentials (which are correct) is not authorized to have those credentials?

Now if I were to scan your ISPs network range and get a response on an open port and then gain entry without having your credentials ....

- that would be a different matter - wouldn't it?

Just change the username & password.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

liammaps2010

  • Level 2 Member
  • **
  • Posts: 25
Re: How easy is it to hack into the DNS-323
« Reply #2 on: July 22, 2010, 12:30:12 PM »
Quote from: fordem on July 22, 2010, 12:26:21 PM
Define "hack into"

This is a NAS, and should be on a network with some sort of firewall protection - if you open a hole in that firewall and make the NAS accessible to the public and someone who has somehow obtained your username & password gains access - does that mean it's been hacked?

You may have been hacked - but was the NAS hacked?  How is the NAS to know that the person presenting the credentials (which are correct) is not authorized to have those credentials?

Now if I were to scan your ISPs network range and get a response on an open port and then gain entry without having your credentials ....

- that would be a different matter - wouldn't it?

Just change the username & password.


By Hack I mean accessing your NAS and being able to do an FTP and all they know is your user name and IP address. How easy is it to bypass the password?
Logged

liammaps2010

  • Level 2 Member
  • **
  • Posts: 25
Re: How easy is it to access the DNS-323 with just a user name and IP address?
« Reply #3 on: July 22, 2010, 12:39:59 PM »
Checked my FTP logs. I have been the only user downloading items.
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How easy is it to hack into the DNS-323
« Reply #4 on: July 22, 2010, 07:19:48 PM »
Quote from: liammaps2010 on July 22, 2010, 12:30:12 PM
By Hack I mean accessing your NAS and being able to do an FTP and all they know is your user name and IP address. How easy is it to bypass the password?
As far as I know there are no mechanisms to prevent a hacker from running a bruteforce or dictionary attack - so the question becomes how secure is YOUR password?

The unit accepts up to 15 (maybe 16) characters in any combination of upper & lower case, along with numeric and special characters.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.