Data security under V2.3R63 Firmware

Discussion in 'Cisco/Linksys Network Storage Devices' started by Mic-Re, Sep 25, 2005.

  1. Mic-Re

    Mic-Re Network Guru Member

    Hi folks,

    I'm still running the NSLU under the R29. I want the FTP Server provided by the R63 but I'm still not decided if I should upgrade to it due to security reasons:

    I want to acces the files on the NSLU with help of a DynDNS adress via FTP.

    R63 got an FTP server but the format used on BOTH HDD's is not ext3 anymore. USB port 1 will support ext3 and FAT32. USB port 2 will just support FAT32 and NTFS!

    Linksys stated that usernames and passwords can not be applied to the FAT32 or NTFS drives but to ext3 drives only!

    I wonder about the basic security measures regarding the Fat32 /NTFS drives when accessed from the internet via FTP:

    1) Does that mean that any user will be able to acces the files located on the FAT32 / NTFS drives since there is no password at all for these drives, or is it possible to limit the acces in any form?

    Put differently: Provided I use a ext3 drive at USB port 1 and a NTFS drive at USB port 2:

    I need two kinds of users
    A) people who can acces the FAT23 / NTFS drive by use of FTP (me and my familie and
    B) people who can NOT access this drive by FTP (guests and friends). These people should only be able to access a few specific shares/ folders located on the ext3 drive

    Could that be achieved? Please note that I don't know the R63 yet!

    2) How does the FTP Interface look like when I access the NSLU with a internet browser from the internet? Does it look the same as the HTTP Interface?

    The Http-UI of the R29 firmware is revealing EVERY security sensitive information of the NSLU to a stranger, and it looks the same at the R63:

    --> Kind of device
    --> networkname
    --> local IP adress
    --> version of firmware
    --> how many discs are attached
    --> format of the disks
    --> able to administration via this UI

    Since the default admins name can not be changed, the stranger only lacks the admins password.... :eek:

    Does that apply to the FTP-UI as well?

    I would be glad if anyone using the R63 can give me some informations regarding these issues.

  2. d__l

    d__l Network Guru Member

    Edit: I keep re-reading your questions and revising/increasing my answer.

    1) I think you can put an ext3 drive on BOTH USB Port 1 and Port 2 and that the release notes for R63 are just plain wrong! I have not tried this, but ext3 drive to ext3 drive would be the preferred method for making a drive back up.

    I know for a fact that I have operated mine with a FAT32 drive on Port 1 and an ext3 drive on Port 2, so ext3 will work on the second port.

    Just as in the earlier firmwares, there are Public areas on the drives that can be made RW- or R-only accessible. If there is a Public area, any guest would be able to FTP RW or R-only if FTP was enabled on the NSLU2. I'm a little unclear as to why you would want to totally restrict all FTP access to some people.

    2) If a guest user was accessing the NSLU2 with an FTP client, it would look like any other FTP access you have ever seen that shows the various files and folders that have access for that user/password account. To enforce only the FTP level of access and not the HTTP access, you would have to have a router in front of the NSLU2 forwarding only port 21.

    Edit: It might be best if you can re-state your questions knowing now that you can have 2 ext3 drives unless there is some reason you want an NTFS drive to be used.
  3. BiffoTheBear

    BiffoTheBear Network Guru Member

    EXT3 works on both ports, I have two drives formatted EXT3 one on each port.

    NTFS works (with limitations) only on port 1 it does not work at all on port 2.
  4. Mic-Re

    Mic-Re Network Guru Member

    Thanx @ d__l and BiffoTheBear

    Thank you both for the answers!!!

    That's great news! If I can both HDDs kepp on running in ext3, my problem is solved! Than I don't have to change any user rights and passwords... and could access with ftp ... without any informations regarding the NSLU displaied in the ftp UI.... Fine! :cheering:

    As an explanation: I don't want to total restrict FTP access to some people but I don't want to submit any "public" data on my NSLU!

    Currently I have just one share for friends, password protected, where they can download files I temporarely put in that share folder. The rest of all data is just accessible to me or members of my family by means of different passwords.

    My trail of logic was: When no usernames and passwords can be applied to NTFS and FAT32 drives ... these drives would be publicly displaid... as well in the http-UI and probably in the ftp-UI as well.
    My second thought was: People who got an password for a share on the ext3 drive... would have access to the NTFS / FAT 32 drive too... exept, there would be a possibility to prevent an access from the internet at all for only the NTFS or FAT32 drive ... the acces tho the second drive, the ext3 drive, would remain! That way the data on the NTFS/ FAT 32 drive would be accessible for NO ONE from the internet... but the access to the ext3 drive would still be possible.

    But as you told me now: This is a mood point... since BOTH drives can remain in ext3 and full password protection and different user rights are further possible!

    Best regards and
    thanx for the help
  5. kamiller42

    kamiller42 Network Guru Member

    Don't do it. R63 is incredibly unreliable. Disconnects, failures to create default folder. I'm scared to find out what's next. NSLU2 is my first Linksys product and likely to be my last. Barely supported. What does come out as support is buggy binaries. Pathetic.
  6. Mic-Re

    Mic-Re Network Guru Member

    Hi kamiller42,

    I regret that you got a faulty NSLU. But trust me that there are some of them out there wich seam to work nicely. I have read many threads in different forums and I got the impression that the R63 works a bit more reliable than the last official firmware (R29). So I will try my luck.

    By the way it is the second NSLU I got ... the first one was a faulty device too.

    At the time being it seams to be a major policy of hardware manufacturers all over the world to degrade the consumer to merely beta tester!

    At least the chance to receive a functional device is higher with Linksys than with certain other cheap manufacturers and from my experience the support is better than at certain others. In my case they changed the device very fast and without any fuss.

  7. d__l

    d__l Network Guru Member


    I also suspect many of the reported problems are due to slight incompatibilities between the USB-to-IDE chipsets in the drive enclosures, especially the cheapo models, and the NSLU2. If someone is having problems, it would be very difficult to tell if it was due to a bad NSLU2 or an incompatible drive enclosure.

    Also I think having UPnP enabled on the NSLU2 is a cause of drive dropping problems or back up interruptions for some people.

    Then again a lot of the problems could be caused by operator error, but you can hardly blame people for not understanding the incomplete documentation. Plus the user guide hasn't been revised to take account the changes in the new firmware revisions.
  8. kamiller42

    kamiller42 Network Guru Member


    I am on my second NSLU2. I upgraded my first one's BIOS. All was fine until I tried to read my attached drive. It destroyed years of files I had been collecting. Now I have upgraded the second one to R63, and it has a new set of problems. Telephone support has been worthless. I have no faith in this product. Sadly, I'm already invested in it, but I have more faith in a floppy disk.

    The latest: I upgraded to R63, formatted the drive to NTFS, copied everything to the drive, and the NLSU2 periodically goes offline, doesn't respond. So, I formatted that the drive ext3 and will try this process all over. If it doesn't work, I will have to go back to R29.

    Yea, the NSLU2 is a cheap solution, but it has cost me a tremendous amount of time in administration. X-(
  9. BiffoTheBear

    BiffoTheBear Network Guru Member

    It might be instructive to know from people who are experiencing problems, which drives they are using, what sort of load is placed on the NSLU2 and what hardware or software mods they have implemented.

    I have two WD 250gb Essential USB 2.0 drives formatted EXT3.
    So far, I have had no problems with either drive on r63.
    Drive 2 is used only by the NSLU2 Drive Backup routine which is set to run at midnight every night.
    I have 4 PCs on my network but typically only one accessing the NSLU2 at a time.
    I have not opened the NSLU2 to implement the CPU speed doubling or indeed made any hardware or firmware changes other than upgrading to the standard Linksys r63.

    In my opinion, Linksys release notes and support are not of high quality, however, the knowledge, help and support available on this forum makes up for that.
  10. Mic-Re

    Mic-Re Network Guru Member

    Hi d__l, BiffoTheBear and kamiller42

    true! Some of the trouble is due to the different USB enclosures and its chipset. I've read that the enclosure should have the cypress chipset and Linksys has recently published a list of supported manufacturers....

    I'm running 2 Seagate HDDs in 2 IcyBox IB-350U-BL enclosures and the NSLU is behaving relatively fine.
    Single flaw under R29 is that the NSLU doesn't recognize the disk format at USB Port 2 from time to time (ext3), and the size of the disk is not properly shown in the web UI. But that is a known issue under R29 and it has been fixed under R63, as Linksys states. I have my own way of dealing with the problem and lost no data so far.

    Data load ? I would say: "XXXL"! The thing is sold as a server for home networking. So, what else should people do than store, stream and share large files (movies and music)? :D
    There have been issues regarding very large files in R24 and R25 but these has been fixed in R29.

    The Linksys support is indeed good! In fact the best I encountered ... except Amazon ;)

    But part of the operational costs for the support should have better been invested in developing ... sell a device and never hear of it again due to the fact that the customer encounters no problems! Many bugs and flaws could have been prevented in the first place! It is a bit of Microsoft-Developing-Mentality...

    The NSLU could be a VERY good consumer product if Linksys had invested much more time and resource in a clean developement and more extensive testing... the sole existense of so much "NSLU" related forums is an indicator that we all are just beta testers! I don't know.... a bunch of users gets more out of the device and it's functionality by writing a better firmware and adware for it than the guys who call themselfes "professionals"! :rofl:

    For my taste, I spend to much time in forums like this seekin informations which should be included in the firmare description.

  11. d__l

    d__l Network Guru Member

    I have one Maxtor 160 GB HD drive in a Kingwin ES-2000 enclosure on usb1 and a Simpletech 512 MB flash drive on usb2. Normally the HD is off, but it is used for periodic back ups of various data folders on my two computers. There are no files backed up that are larger than 100 MB, but there may be several hundred or more files to back up at any one time.

    The NSLU2 runs 24/7 as an FTP server using the flash drive for storage of network cam photos one every minute.

    I've modified the circuit board and the case to be able to remotely power up the NSLU2 and so have voided my warranty.

    I've never had a problem with the NSLU2 and it has always worked perfectly.
  12. Mic-Re

    Mic-Re Network Guru Member

    Wow! Remote power up sounds very intruiging! 8O
    How do you do that ? By wake on LAN? or by phone? Details please!

    I had a similar idea ones to access my PC but droped the idea due to the time consuming solving of the complications.
    My idea was to simply place a phone call to a special number, tap in some digits, as when accessing a voice box, and the PC would power up. But that would only be possible when the PC is in standby or sleep mode... that is to energy consuming and most PC's don't wake up stable ... and I never found a modem that would do the trick with the digit code.
    But I saw a device at a trade fair wich could switch any other device in that way... but the price was breath-taking!

    Now that you mentioned remote wake up the NSLU I've just got an idea ... it involves a cheap and rebuild answering machine... :D

  13. d__l

    d__l Network Guru Member

    The modification is trivially simple. Just solder two wires to the solder points for the power switch's electrical contacts (careful not to solder to the mounting points) on the back side of the circuit board and lead the wires to a small jack such as an 1/8" mono, in-line phone jack mounted on the back of the of the case. Then a male plug connected to a remote, momentary switch such as a timer switch can be inserted into the jack.

    Briefly closing the circuit powers the NSLU2 on. Closing it again places the NSLU2 in its power down sequence just as if the front switch was pressed. I think the unit will function properly if the circuit is held closed continuously instead of momentarily closed, but I've not experimented with that.

    For my remote switch, I use an X10, power line-type of relay switch and then there is an X10 USB controller connected to my network through a USB server. Also I have an X10 switch connected to my HD to be able to switch that on remotely as well. If you were purchasing all this extra equipment just to power on the NSLU2, you would greatly exceed the cost of the NSLU2, but if you already had the X10 network to automate your home, then adding two X10 relay switches is only a fraction of the NSLU2 cost.
  14. Mic-Re

    Mic-Re Network Guru Member

    I've googled for X10 Systems. Fine thing! I think I got the basic ideas. Something for the footsore or the old ones... just as me! :grin:

    So you can switch it on and of with a remote control unit and per USB server from the internet when you are on the road?

    Cool! .... very very cool!

    I've so fare just managed to establish an all-in-one remote control system for all AV and TV equipment and all of the lights in the living room ... to replace the 7 IR remote units we had.

    My wife was not enthused! Untill then I thought the WAF (Womens Acceptance Factor) was merely bound to the no-cables-and-wires issue and not to an enhanced TV remote unit, but I had to learn that she simply rejects everything remotely "technical"! ... " Wich one was the button for the lights at the table?" ... "Home ... 4 ... ON!"

    Same question after 3 month! :cry:
    Next system will be voice controled!

  15. d__l

    d__l Network Guru Member

    Yes, I have it set up so that I can power up the HD and access the NAS file server through my SX41 VPN from remote connections. I could also control some home automation, i.e. lights, etc. with the same USB server-X10 system remotely.

    Frankly the ethernet IP to USB server to X10 linkage to control the power is a bit of a kludge, but there are no direct IP to X10 controllers available that are relatively cheap. In your Googling, you probably ran across a company called Smarthome, a good X10 source. They once offered an IP to X10 controller but withdrew it because it didn't work correctly. But I had the USB server, a Keyspan US-4A, and that made it all work.

    Now that there is FTP server capability on the NSLU2, I'm not powering it on/off as much because I have it recording data full time to the flash drive.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice