130 replies to this topic

[kermith]

Hi,

 

I hope someone could help me with strengthen up my security for my VU+ Solo SE Version 2.

 

I have setup an Oscam server which serves me in my house for other boxes like an older DM800 and one DM500 a part from my VU+ which I have in my living room.

 

I also set this up for my mother and my two cousins. I do understand that this is somehow an “grey area” but I only have my family in this setup.

 

A couple of days ago, my VU+ stopped working and after a lot of fiddling around I found out that someone has changed my CCcam.cfg to a different address. I looked like this:

 

C:piromery98.zapto.org  12000 hak hak
C:piromery97.zapto.org  12000 hak hak
N:127.0.0.1  19907 localbox lokalip1 01 02 03 04 05 06 07 08 09 10 11 12 13 14
N:127.0.0.1  19908 localbox lokalip1 01 02 03 04 05 06 07 08 09 10 11 12 13 14
N:127.0.0.1  19909 localbox lokalip1 01 02 03 04 05 06 07 08 09 10 11 12 13 14

 

Well it’s obvious that somebody gained access to my box but I don’t understand how.

I have set a long and hard password to my box.

 

I do understand that it’s a security risk to have port forwarding in my router.
I have port forwarded telnet, ftp, http and the port for streaming services, 8001, to my box.
I need it since I’m streaming to my Android phone. I have set the streaming authorization on both in OpenWEbIf and the setup menu, so the streaming needs a user name and password. How could I tighten my security without losing my port forwarding?

 

Also, I have discovered that I started to have duplicate users of my cousin’s name in my Oscam. O checked the IP addresses and they mostly come from Turkey, Germany and Spain. I’m banning the IP addresses directly in my Ubuntu, but still another IP address pops up in my Oscam several times a week. I’ve gone as far as banning whole Block range of IP Addresses that comes from these countries and it has somehow lessened a little, but still pops up.

 

I’d appreciate any tips on how I could tighten my security.

 

 

[mimisiku]

Very simple! wAN sharing is illegal and is simply not suppirted here. Statements like 'only family/friends' is banned by law.

[kermith]

Sorry for being honest. I could only have written "within my house", like anyone else.

Just looking for tighten my security.

[WanWizard]

It's all very simple:

 

Do not expose your box onto the internet. Never! It is not a security device, it is not designed to be, it is not hardened.

[littlesat]

Telnet ftp and streaming port open... That is like let the frontdoor of your house wide open...

[kermith]

Thanks for honest answers. I could live without the telnet and ftp ports. But how about the streaming port.

If I use the Streaming Authentication On, just stream with password. Would that be a threat as well?

[betacentauri]

Read WanWizards post again. Yes, every open port is dangerous.

[kermith]

Read WanWizards post again. Yes, every open port is dangerous.

LOL, what a great helper we have found here.

[betacentauri]

I just answered your question

My last advice here: Use VPN!

[kermith]

@betacentauri, I was just ironic. Of course I appreciate every answer I get, even youts! I have turned off both ftp and telnet in my router now and at my moms.

The only thing that bogs me is that I have a small country house two hours outside my town here in Sweden and we got fiber installed there a couple of months ago and I just bought my Vu+ at the same time and I'm able to stream even HD channels without a glitch from my Vu+ from to my house.

 

So the only thing that exists is to secure my stream. Where do I start? I understand you mentioned VPN, but being a total noob I don't know where to start. It took me over 3 months and a lot of questions to get my Oscam to work, so that's my understanding of things

 

So about this VPN. I take for granted you mean OpenVPN, I have read through some posts in this forum. But don't get the hang of it.

Should the VPN server be installed in my computer, router (if it's possible) or in the box? I.E Where should my client resp. server be installed.

 

Again, thanks for your answers so far, I really do appreciate taking your time!

[MiLo]

SSH may be simpler if you aren't exchanging large files. And it doesn't involve as much setup.

http://www.milosoftw...p?body=dropbear

You can use this also to setup connections between boxes and tunnel any traffic over it securely.

[kermith]

Thanks, so I could stream through SSH then?

[Huevos]

There are only 3 ways to protect you receiver from attack from outside your LAN: VPN, VPN, & VPN.

[kermith]

@Huevos could you elaborate? How, When, Where?  so far @MiLo have provided som juicy information. 

Is it secure? I'm asking since I'm eager to learn and keep the prying idiots away and just use other peoples vulnerabilities.

[dAF2000]

SSH is as secure as VPN. And indeed, VPN is quite difficult to set up. I never tried streaming through an SSH tunnel so I can't tell you if that works.

[littlesat]

 I never tried streaming through an SSH tunnel so I can't tell you if that works.

->

Yep that works... but undoable with an iPad or iPhone since iOS >=7 does 'abort' the tunnel after 5 minutes....

[kermith]

Some great answers! So iPad is out of the question then?

Wife will be not so happy

[dAF2000]

Some great answers! So iPad is out of the question then?

Wife will be not so happy

 

As long as your wife lives in the same house there's nothing wrong Internally you use streaming etc. just like now without VPN or SSH. That's only for outside connections.

[kermith]

Thanks, but we're in our country house and she needs to stream from my home, from the Vu+. Otherwise she would need to always see football or icehockey with me

 

We have WiFi in the country house with just installed fiber,

Edited by kermith, 29 November 2016 - 16:51.

[SpaceRat]

Some routers, especially the AVM Fritz!Box, allow a very quick and easy setup for VPN (Site-2-Site and Road Warriors).
That VPN uses IPSec.
I recommend its use for any beginner who has such a box (and has IPv4 or Dual Stack, as AVM hasn't managed to upgrade their IPSec to IPv6-compatibility yet).


Some other routers do have built-in VPN functionality too and as long as that one isn't using PPTP, it's worth a try.


If your router doesn't have VPN functionality: Some NAS' do also offer this feature.