Remote FTP

Okay, so what you intend to do is copy to USB (thereby decrypting StDef, and potentially HiDef with a little manipulation) manually, and then only access the prepared library from the WAN. Fair enough.

Typical enquiries along these lines are often to be able to access stuff that has been recorded without manual intervention.
 
Just for the record in case anyone is wondering about doing this with DLNA... DLNA is very hard to get to work remotely (it is designed to only work on the same LAN).

My ssdp-fake program can make a remote DLNA server appear to be on the local LAN. But, in practice, there are a number of problems using it for the sort of remote access discussed here:

  1. ssdp-fake runs on Linux systems (it may be able to be ported to Windows but I haven't tried).
  2. You would need to open up some UDP ports as well as TCP ports in your home router (you would want to think very carefully about security as there is no security in DLNA -- not even a password).
  3. The internet connection between you and your home may block (deliberately or accidentally) either the UDP or the TCP ports.
  4. There may not be sufficient bandwidth (and sufficiently low jitter) to get an effective streaming connection.
  5. The Humax DLNA media-server will not stream HD content.
Items 2 and 3 could be addressed by setting up a VPN. Item 4 by downloading from the DLNA server instead of really streaming (my dlna-mediaserver-walk should be able to give you a suitable URL to download). Working round item 5 is a different topic, although it can be done.

Bottom line -- remote DLNA access is not really practical unless you are planning to do it so often you are willing to spend a lot of time setting up VPNs and things. The "copy to a USB disk and ftp from that" option is easier although the security issues are extremely serious -- you must set up the home router to only allow access to the FTP port from your particular remote IP address (and disable it when you don't need it any more). Do not forget that if you can read from the Humax using FTP then you can also delete and store files as well (you wouldn't want your Humax to become a place for hackers to store malware or child porn). Personally, I recommend copying whatever you want to access to Dropbox or something before you leave home and do not open up remote access at all.
 
If you change the password from the default one no one can gain access to the humax box anyway?
Also when the power is off the server is disabled.
 
I assume the FTP server password changes if you change the box password (although I don't know). But I don't think many people run an intrusion detection system on their home network to detect someone trying all 10,000 four digit passwords, which would probably take less than a couple of hours.

Entirely up to you, of course. Someone would have to portscan your address, recognize it as a Humax (I don't know if FTP servers announce their software), and run through all the passwords. All while the server is on. How big the risk is depends on how long you leave the access configured for, how much time you spend with the Humax box on, etc. Personally I wouldn't take the risk but some might.
 
Yes pw changes with box pw.
Well personally don't think there is much risk.
Let's face it nothing's 100% safe.
Haha just saying prpr don't leave my humax on all day so therefore not vulnerable to attack but thanks for your time and comment ;)
 
tomnutt said:
Well personally don't think there is much risk.
Click to expand...
Let's see:
Code: 
C:\Users\prpr>ftp humax
Connected to humax.
220 Humax FTP Server ready.
User (humax:(none)): tomnutt
331 Password required for tomnutt.
Password:
230 User logged in.
ftp>
Username? Anything. What was the password? Oh yeah, it's the default. Not exactly difficult is it?
Let's face it nothing's 100% safe.
Click to expand...
No, but the Humax FTP server is so far away from 100% that it's very risky. You are a fool if you think otherwise.
What's your IP address by the way?
 
You see, you've fallen for it. Just shows how easy it is. I suggest you remove that from your post ASAP.
Hopefully I've convinced you and hopefully that is a dynamically assigned address...
 
I disagree. Better to learn the hard way from friendly folk instead of the other sort. It should raise his awareness of the danger.
 
Some food for thought:
  1. P2P is notorious for illegal file sharing. FTP can be used for the same thing, so you should expect heavy scanning/probing of open ports associated with it.
    If you don't already know who might be motivated to scan such ports, I suggest that you do the following:
    Go to the Gibson Research Corporation website and search for the following term in inverted commas:
    "So how do the RIAA and the MPAA find me? How do they know my name and address? They only have my IP address"
    (RIAA = Recording Industry Association of America)
    (MPAA = Motion Picture Association of America)
    Other likely interested parties are law enforcement and security agencies seeking evidence of child pornography, terrorism and other crime.
  2. Googling "Angry IP Scanner" and "NMAP" suggests that any Tom, Dick or Harry should also be able to find your Humax (even if they don't know who it belongs to) and delete all of your files if they choose, since cracking FTP passwords (default password = 0000 and username = humaxftp) is not that difficult (try Googling "brute force ftp attack").
The bottom line:
Assuming that nothing illegal is involved, wouldn't some form of cloud storage be safer/preferable?
 
Last edited:
You must log in or register to reply here.
Back
Top