- #Do i need to import a synology private key for my mac client ssl install#
- #Do i need to import a synology private key for my mac client ssl software#
Synology only makes the GUI client that runs on your machine that locally interfaces to the NAS box.Īs to the Debian 2006 SSL problem.
#Do i need to import a synology private key for my mac client ssl software#
The source, meaning both source code and source of software, of software running on Synology hardware is not Synology. If you are comparing Synology to Debian, then the "trusted" source argument is entirely flawed.
#Do i need to import a synology private key for my mac client ssl install#
If this sounds like fun or it sounds like something you're currently working on - shoot me an email: also wish there was such a thing as a nice, inexpensive ARM board (~$100) with plenty of SATA ports and upgradable RAM (so you can run huge ZFS pools on it) that you can install your own OS on.Īre you comparing the Synology GNU/Linux distro to Debian or some generic distro to Debian? I'd love to work on an open-source, security-oriented, user-friendly DSM "clone" with the right kind of people. FreeNAS (and related forks) sacrifice too much flexibility and don't offer anything that you can't easily do yourself with a Linux/BSD server distro. It's sad that most of the open-source NAS solutions are so bad compared to their commercial counterparts. Nmap done: 1 IP address (1 host up) scanned in 40.47 seconds |_smbv2-enabled: Server supports SMBv2 protocol |_ Message signing disabled (dangerous, but default) | SMB Security: Challenge/response passwords supported
| Account that was used for smb scripts: guest |_nbstat: NetBIOS name: redacted, NetBIOS user:, NetBIOS MAC: Inc./stateOrProvinceName=Taiwan/countryName=TW |_http-title: Did not follow redirect to | ssl-cert: Subject: commonName=/organizationName=Synology
|_http-title: Did not follow redirect to 5001/tcp open ssl/http Apache httpd |_http-methods: No Allow or Public header in OPTIONS response (status code 302) | http-methods: Potentially risky methods: PUT | UAMs: Cleartxt Passwrd, No User Authent, DHX2, DHCAST128 |_http-title: Did not follow redirect to 111/tcp open rpcbind 2-4 (RPC #100000)ġ39/tcp open netbios-ssn Samba smbd 3.X (workgroup: REDACTED)Ĥ45/tcp open netbios-ssn Samba smbd 3.X (workgroup: REDACTED)ĥ48/tcp open afp Netatalk 2.2.3 (name: redacted protocol 3.3) |_http-methods: No Allow or Public header in OPTIONS response (status code 301) |_http-generator: ERROR: Script execution failed (use -d to debug) Here's an nmap trace from my Synology ~ % nmap -A Ģ2/tcp open ssh OpenSSH 5.8p1-hpn13v11 (protocol 2.0) I really like the UI, but the software stack they're using under the hood (Apache, PHP, MySQL, etc.) has a massive attack surface, if not routinely kept up-to-date. I've had a Synology NAS for almost a year now. Or if you exposed it yourself on your firewall. I'm guessing this only affects you if you have their EZ-Internet service enabled that exposes the NAS to the public internet.
0 kommentar(er)
