I'd love to work on an open-source, security-oriented, user-friendly DSM "clone" with the right kind of people. FreeNAS (and related forks) sacrifice too much flexibility and don't offer anything that you can't easily do yourself with a Linux/BSD server distro. It's sad that most of the open-source NAS solutions are so bad compared to their commercial counterparts. Nmap done: 1 IP address (1 host up) scanned in 40.47 seconds |_smbv2-enabled: Server supports SMBv2 protocol |_ Message signing disabled (dangerous, but default) | SMB Security: Challenge/response passwords supported | Account that was used for smb scripts: guest |_nbstat: NetBIOS name: redacted, NetBIOS user:, NetBIOS MAC: Inc./stateOrProvinceName=Taiwan/countryName=TW |_http-title: Did not follow redirect to | ssl-cert: Subject: commonName=/organizationName=Synology |_http-title: Did not follow redirect to 5001/tcp open ssl/http Apache httpd |_http-methods: No Allow or Public header in OPTIONS response (status code 302) | http-methods: Potentially risky methods: PUT | UAMs: Cleartxt Passwrd, No User Authent, DHX2, DHCAST128 |_http-title: Did not follow redirect to 111/tcp open rpcbind 2-4 (RPC #100000)ġ39/tcp open netbios-ssn Samba smbd 3.X (workgroup: REDACTED)Ĥ45/tcp open netbios-ssn Samba smbd 3.X (workgroup: REDACTED)ĥ48/tcp open afp Netatalk 2.2.3 (name: redacted protocol 3.3) |_http-methods: No Allow or Public header in OPTIONS response (status code 301) |_http-generator: ERROR: Script execution failed (use -d to debug) Here's an nmap trace from my Synology ~ % nmap -A Ģ2/tcp open ssh OpenSSH 5.8p1-hpn13v11 (protocol 2.0) I really like the UI, but the software stack they're using under the hood (Apache, PHP, MySQL, etc.) has a massive attack surface, if not routinely kept up-to-date. I've had a Synology NAS for almost a year now. Or if you exposed it yourself on your firewall. I'm guessing this only affects you if you have their EZ-Internet service enabled that exposes the NAS to the public internet.
0 kommentar(er)
