Tighten Security From Outside Attacks on my VU+ boxes.


130 replies to this topic

Re: Tighten Security From Outside Attacks on my VU+ boxes. #61 Robinson

  • Senior Member
  • 2,621 posts

+30
Good

Posted 8 December 2016 - 14:33

SSH may be simpler if you aren't exchanging large files. And it doesn't involve as much setup.
http://www.milosoftw...p?body=dropbear
You can use this also to setup connections between boxes and tunnel any traffic over it securely.

 

What happens when I re-flash the box?

What should be done to avoid creating the keys again?


ET9000, OpenPLi 4.0, 13E, 19E

HD51, OpenPLi 6.2, 75E - 30W


Re: Tighten Security From Outside Attacks on my VU+ boxes. #62 MiLo

  • PLi® Core member
  • 14,055 posts

+298
Excellent

Posted 8 December 2016 - 14:35

Autobackup will save and restore the keys automatically.
Real musicians never die - they just decompose

Re: Tighten Security From Outside Attacks on my VU+ boxes. #63 Robinson

  • Senior Member
  • 2,621 posts

+30
Good

Posted 8 December 2016 - 14:49

OK, but if I don't want to use Autobackup?

Let's say I want to make sure my box will be completely fresh after re-flash without any possible litter?

What files/folders should I copy before re-flash and restore afterwards?


ET9000, OpenPLi 4.0, 13E, 19E

HD51, OpenPLi 6.2, 75E - 30W


Re: Tighten Security From Outside Attacks on my VU+ boxes. #64 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 8 December 2016 - 15:09

Damn, I will have to quicken my safe setup.

There was another trespass in my Vu+ last night. I don't understand what the point is for the intruder to set an address to another share than my Oscam at home.

I haven't noticed anything since my channels on my TV were working but then all of a sudden my channel list was greyed out when I tried to switch the channel so that got the red flag up.

 

Also I just realised that my password to my WEBIf was ok, but when I tried to log in to my VU+ through FTP and Telnet the password didn't work.

Didn't know I could set different passwords for different services.

 

Jeez, all router settings like port forwarding I have now killed.

OpenVPN here I come. Glad it's Christmas time, so I'll have a lot of spare time :)



Re: Tighten Security From Outside Attacks on my VU+ boxes. #65 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 8 December 2016 - 15:15

By the way, tried to do a Factory Reset on my VU+ to skip hassle with the USB flash drive. But the Factory Reset is not a good name for it since it doesn't wipe your box completely to how it was when I got it.

All files, passwords etc. are still there after the reset. So a name change would be in place.

For me Factory Reset means wiping ALL stuff out and just have a bare bone clean box.


Edited by kermith, 8 December 2016 - 15:16.


Re: Tighten Security From Outside Attacks on my VU+ boxes. #66 SpaceRat

  • Senior Member
  • 1,030 posts

+65
Good

Posted 8 December 2016 - 16:00

There was another trespass in my Vu+ last night. I don't understand what the point is for the intruder to set an address to another share than my Oscam at home.

Simple: They don't know it's "your" oscam at home, they just see there is a CS-Server you use.
They add your server to their oscam to get access to it and in the best case they then hook your oscam to theirs (To avoid multiple logins on the CS-Server, which would happen if you were also still connecting to it).

Or they are just fooling around to show you that everything is wide open.
If you happen to watch MTV, Fundorado TV or Megamax a lot the last weeks, it's me switching your channels and you got no decent pay TV (Else I would have zapped to Hustler TV or Brazzers TV).
Building new images/packages sometimes takes quite some time and zapping other people's E2 box is a quick and non-demanding amusement, especially when all the tabs are already open *vbeg*

Quite impressive how long people just try to zap back before they finally close the ports ... the most patient one is still having fun.
1st box: Vu+ Ultimo 4k 4xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390

Re: Tighten Security From Outside Attacks on my VU+ boxes. #67 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 8 December 2016 - 16:18

Great Post @SpaceRat. I just don't get the point, to connect me to their servers. They are handing me a cline for free and what they want in return?
I suspect they want to stream from it as "a payment". I would have never seen it if I suddenly had a greyed out list in my channel listing.

 

Or, as you say, they just wanna make me feel like an idiot. Well in that case they have succeeded :)

 

Also, as I wrote, how is it possible to have different passwords for different services? I thought setting a password with the telnet command "passwd", is all the passwords there is to set to gain access to WEBIf (if the authentication is set there), telnet, ftp and ssh. Is there additional setup for setting different passwords for different accounts?



Re: Tighten Security From Outside Attacks on my VU+ boxes. #68 SpaceRat

  • Senior Member
  • 1,030 posts

+65
Good

Posted 8 December 2016 - 16:29

Telnet doesn't belong opened to the internet, no matter what.
For ssh don't use passwords at all, use pub/private key auth (asymmetric crypto) instead and disable password use entirely.

OpenWebif allows you to "disallow root logins" (So that OWIF can not be abused to probe the password for root), you will have to use any other linux user's but root's login/password then.
It's not a big security gain though.
It's basically only good enough if you want to access the Webif locally without your son spying the password, so that he can telnet to the box afterwards, finding out the pin for your pr0n channels.

FTP will also work with any Linux user you create, but in most cases you will end up with using user root, because the only thing you actually need FTP for is moronic E2 tools for Bouquet creation.
For secure file access use SSH's sftp-server or scp (Secure CoPy) instead.
1st box: Vu+ Ultimo 4k 4xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
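
The key-only SSH advice in the post above can be checked before relying on it. This is an added example, not code from the thread or from OpenPLi/OpenATV; it assumes dropbear takes its options from a defaults file via `DROPBEAR_EXTRA_ARGS` (typically `/etc/default/dropbear`, image-dependent) and that root's keys live in `/home/root/.ssh/authorized_keys`. The function name and the demo files are constructed.

```shell
#!/bin/sh
# Added example: audit whether a box is ready for key-only SSH logins.
# Assumed real paths on a box: /home/root/.ssh/authorized_keys and
# /etc/default/dropbear (DROPBEAR_EXTRA_ARGS); both are image-dependent.

audit_key_only_ssh() {
    keys=$1; defaults=$2; rc=0
    # 1. A public key must be installed, or disabling passwords locks you out.
    if ! grep -Eq '(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]' "$keys" 2>/dev/null; then
        echo "FAIL: no public key found in $keys"; rc=1
    fi
    # 2. The key file must not be writable by group or others.
    case $(ls -ld "$keys" 2>/dev/null) in
        ?????w*|????????w*) echo "FAIL: $keys is group/world writable"; rc=1 ;;
    esac
    # 3. dropbear must be started with -s (disable password logins).
    if ! grep -Eq "^DROPBEAR_EXTRA_ARGS=(.*[ \"'])?-[A-Za-z]*s" "$defaults" 2>/dev/null; then
        echo "FAIL: password logins still enabled (no -s in $defaults)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only SSH login is configured"
    return "$rc"
}

# Constructed demo files in a temp dir (on a box, pass the real paths instead)
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnly user@pc' > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
echo 'DROPBEAR_EXTRA_ARGS=""' > "$demo/dropbear"
audit_key_only_ssh "$demo/authorized_keys" "$demo/dropbear" || true   # no -s yet
echo 'DROPBEAR_EXTRA_ARGS="-s"' > "$demo/dropbear"
audit_key_only_ssh "$demo/authorized_keys" "$demo/dropbear"           # passes
```

Run the key check first and only add `-s` once a working key login has been confirmed from a second session.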

Re: Tighten Security From Outside Attacks on my VU+ boxes. #69 littlesat

  • PLi® Core member
  • 57,431 posts

+708
Excellent

Posted 8 December 2016 - 16:57

Telnet doesn't belong opened to the internet, no matter what.

For ssh don't use passwords at all, use pub/private key auth (asymmetric crypto) instead and disable password use entirely.

+1


Edited by littlesat, 8 December 2016 - 16:58.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Tighten Security From Outside Attacks on my VU+ boxes. #70 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 8 December 2016 - 17:01

Telnet doesn't belong opened to the internet, no matter what.
For ssh don't use passwords at all, use pub/private key auth (asymmetric crypto) instead and disable password use entirely.

OpenWebif allows you to "disallow root logins" (So that OWIF can not be abused to probe the password for root), you will have to use any other linux user's but root's login/password then.
It's not a big security gain though.
It's basically only good enough if you want to access the Webif locally without your son spying the password, so that he can telnet to the box afterwards, finding out the pin for your pr0n channels.

FTP will also work with any Linux user you create, but in most cases you will end up with using user root, because the only thing you actually need FTP for is moronic E2 tools for Bouquet creation.
For secure file access use SSH's sftp-server or scp (Secure CoPy) instead.

 

Man, that is a great post! Thanks all for sharing your knowledge, which is priceless! 



Re: Tighten Security From Outside Attacks on my VU+ boxes. #71 Pedro_Newbie

  • Senior Member
  • 4,631 posts

+225
Excellent

Posted 8 December 2016 - 17:23

Let's hope that your provider isn't going to block your card/subscription because it is on a share network



Re: Tighten Security From Outside Attacks on my VU+ boxes. #72 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 8 December 2016 - 18:12

True, but how could a provider check if it's on a shared network?

I use it in my house and stream to my country house.



Re: Tighten Security From Outside Attacks on my VU+ boxes. #73 Robinson

  • Senior Member
  • 2,621 posts

+30
Good

Posted 8 December 2016 - 18:23

Damn, I will have to quicken my safe setup.

There was another trespass in my Vu+ last night.

What does netstat show?


ET9000, OpenPLi 4.0, 13E, 19E

HD51, OpenPLi 6.2, 75E - 30W


Re: Tighten Security From Outside Attacks on my VU+ boxes. #74 MiLo

  • PLi® Core member
  • 14,055 posts

+298
Excellent

Posted 8 December 2016 - 18:37

OK, but if I don't want to use Autobackup?
Let's say I want to make sure my box will be completely fresh after re-flash without any possible litter?
What files/folders should I copy before re-flash and restore afterwards?


I'd say just read the source code of autobackup. That'll tell you everything.
Real musicians never die - they just decompose

Re: Tighten Security From Outside Attacks on my VU+ boxes. #75 SpaceRat

  • Senior Member
  • 1,030 posts

+65
Good

Posted 8 December 2016 - 20:37

blo.png
:)
1st box: Vu+ Ultimo 4k 4xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390

Re: Tighten Security From Outside Attacks on my VU+ boxes. #76 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 8 December 2016 - 21:18

Hehe



Re: Tighten Security From Outside Attacks on my VU+ boxes. #77 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 8 December 2016 - 21:19

 

Damn, I will have to quicken my safe setup.

There was another trespass in my Vu+ last night.

What does netstat show?

 

 

Netstat where?



Re: Tighten Security From Outside Attacks on my VU+ boxes. #78 Robinson

  • Senior Member
  • 2,621 posts

+30
Good

Posted 8 December 2016 - 22:47

Netstat is a telnet command.


ET9000, OpenPLi 4.0, 13E, 19E

HD51, OpenPLi 6.2, 75E - 30W


Re: Tighten Security From Outside Attacks on my VU+ boxes. #79 kermith

  • Senior Member
  • 182 posts

+2
Neutral

Posted 9 December 2016 - 02:07

So what should I do?



Re: Tighten Security From Outside Attacks on my VU+ boxes. #80 SpaceRat

  • Senior Member
  • 1,030 posts

+65
Good

Posted 9 December 2016 - 02:15

If you believe that you currently got visitors on your box, you can execute
netstat -t
on the shell (Via telnet or ssh).

You can then see the active connections, one will be your own telnet/ssh connection, about the others you will have to see yourself:
root@duo2 ~ # netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 Duo2.lan:35361          debian.lan:12000        ESTABLISHED
tcp        0      0 Duo2.lan:ssh            pc.lan:64292            ESTABLISHED
Left side is your box, right side the peer(s) connected.

In this case everything is just fine, the only two connections are
- my PC being connected via ssh
and
- the box being connected to my central oscam server.
1st box: Vu+ Ultimo 4k 4xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
2nd box: Gigablue Quad 4k 2xDVB-S2 FBC / 2xDVB-C / 1.8 TB HDD / OpenATV 6.2
testing boxes: Vu+ Duo² + AX Quadbox HD2400 + 2x Vu+ Solo² + Octagon SF4008
Sats & Pay-TV: Astra 19.2°E + Hotbird 13°E with Redlight / SCT HD / SES Astra HD- / Sky V14 / 4th empire propaganda TV
Card-Server: Raspberry Pi + IPv6-capable oscam
Router: Linksys WRT1900ACS w/ LEDE + Fritz!Box 7390
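
The manual `netstat -t` review described in the post above can be turned into a repeatable check. This is an added example, not part of the original post: the function name, the allow list and the third sample line (a peer from the 203.0.113.0/24 documentation range) are constructed, while the other two sample lines are the ones shown in the post.

```shell
#!/bin/sh
# Added example: list ESTABLISHED TCP peers that are not on an allow list.
# The allow list holds peer hosts exactly as netstat prints them; with
# `netstat -tn` use IP addresses so the check does not depend on reverse DNS.

unexpected_peers() {
    # $1 = space-separated allow list; `netstat -t` output is read from stdin
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            peer = $5
            sub(/:[^:]*$/, "", peer)        # strip the trailing :port
            if (!(peer in ok)) print "local=" $4 " peer=" $5
        }'
}

# Constructed sample: two connections from the post plus one invented peer
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 Duo2.lan:35361          debian.lan:12000        ESTABLISHED
tcp        0      0 Duo2.lan:ssh            pc.lan:64292            ESTABLISHED
tcp        0      0 Duo2.lan:telnet         203.0.113.45:51234      ESTABLISHED'

# Only the telnet session from the unknown peer is reported
printf '%s\n' "$SAMPLE" | unexpected_peers "debian.lan pc.lan"

# On the box itself (hypothetical allow list):
#   netstat -t | unexpected_peers "debian.lan pc.lan"
```

An empty result means every established connection goes to a known peer; it says nothing about listening ports that nobody is connected to at that moment.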

