Seagate abandon remote access to their 'Central' NAS

On 08/05/2018 15:57, dennis@home wrote:
On 08/05/2018 14:03, Chris Green wrote:


What doesn't FTP allow you to do that you want to do? You can get
'file explorer' like GUIs that use FTP.


The op doesn't actually say what NAS he has but..

https://wiki.debian.org/InstallingDe.../PersonalCloud

gives instructions for putting linux on some Seagate NAS boxes.

Then he has multiple options if it works or buying a synolgy NAS if it
doesn't.

The model of mine is SRN01C - which does not appear to be one of the
supported models.
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

On 08/05/2018 08:22, The Natural Philosopher wrote:

On 07/05/18 23:12, Roger Mills wrote:

Seagate provided a facility whereby you could log on at
access.seagate.com and access the files on your NAS. ...
... They have taken down their server, and withdrawn
support for the Tappin app on portable devices.

Yes, it seems like it really has gone already:
C:\TEMPping access.seagate.com

Pinging seagateaccess.tappin.com [208.89.184.225] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 208.89.184.225:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

They apologise for any
inconvenience caused(!) and assure me that my data is quite safe - but
can only be accessed from within my own network.

So, as others have suggested, you need think about how to gain access
across your own router.

My router supports Game and Application Sharing - which permits me
(for example) to associate a PPTP server with my Seagate NAS so that -
in theory - anything coming in on port 1723 goes to the NAS. Problem
is that all such connects are refused!

Probably need to open up the firewall on the NAS as well as the one on
the router.

If I log on to the NAS's web interface, it offers me 'Services' of
"Remote Access", "Seagate Media", "DLNA" and "iTunes". The first two
of these are no longer supported and the last two only work on the
same LAN as the NAS.

So you're going to have to hack into the NAS, which means that probably
you'd've done better to post to a Linux NG, but see some suggestions
below anyway.

I've no idea what OS the NAS uses - probably some flavour of
Unix/Linux

Almost certainly an embedded version of Linux.

but it's pretty thoroughly locked down with no ready
access to it.

Apparently at one time not securely locked down at all:
https://www.slashgear.com/seagate-na...hole-08402370/

Oh dear! For starters, try telnet from the relative security of your
own LAN!

I *can* FTP to the NAS but that doesn't seem to allow me
to do much.

Obviously there is a way in, but its not well advertised.

Yes, apparently use telnet!

It the tappin crap was supposed to work behind a firewall with no
especial configuration, that strongly implies that the NAS istself sets
up and maintains a permanent connection to some seagate cloud.

Bit like skype does

Possibly, but that can be disabled now, if the OP can get into the box.

Now if that is the case you wont be able to use that partucular backdoor.

Unless he subverts it in some way.

I would try scanning the NAS ports to see which are active.

My guess is that ssh might be open. If its bog standard linux on the
NAS. Try using PUTTY to connect to it. If that works you can use sftp
and its chumsÂ* if you redirect port 22 to the NAS.

Given that telnet may be able to gain access, I would advise starting
with that.

It is not beyond the bounds of reason either to set up port redirection
for SMB services on the router so you can actually mount the NAS across
the internet. TCP ports 139 and 445 and UDP ports 137 and 138 should be
redirected to the NAS box.

Why would he need Samba/SMB? He makes no specific mention of Windows
devices requiring remote access, only media files, so presumably a
mobile or a tablet, Mac or Android, which are both Linux.

Obviously you wont be able to 'scan' for the NAS across the internet, so
you will have to know ip address and tell whatever ****e MS uses to
display shares *for that server*. Or better still use NET USE to mount
the device as a drive etc

No, no! He doesn't seem to need this at all. NET USE is a (very old
legacy) Windows command to mount a network share as a drive letter.
These days, he wouldn't even need this to connect from a Windows
machine. W9x or older used it, but since 2K+, in fact I suspect even
NT3+, Windows PCs have been able to connect directly using the protocol:
\\Server\Share

It's not very secure though, but I myself have done this years ago as
proof of concept.

I suspect the way forward is to tunnel, but, although I understand the
principles involved, I'm not familiar with the practicalities of this.

Back to the OP:

There are two stages involved in customising/hacking such devices:

1) Gaining access, it sounds as though telnet might work, so try that
first, but failing that, see the next link below.

2) Finding a workable method of subverting the boot process to apply
the desired customisations.

Others already may have done some or all of this work for you. I
haven't read the following, but the equivalent Zyxel section was very
helpful to me:
http://www.nas-central.org/wiki/Seagate_Central

Although the following apply to different devices, if you want brief
descriptions of how the above two stages are attained in practice,
together with some example scripts, see also:

http://www.macfh.co.uk/Test/QNAPNMP1000.html
http://www.macfh.co.uk/Test/ZyxelNSA221.html

Also, although it's probably a bit late for you, for future reference,
the moment I buy anything like this I go online and download and save
locally everything related to it that there is the remotest possibility
that I could ever need - PDF Manuals, firmware upgrades, instructions
for hacking into, files required to do so, etc, etc. Here are some
links to things that might still prove useful to you:

Manual: https://www.manualsearcher.com/seaga...-srn01c/manual
https://www.seagate.com/files/www-co...r-guide-us.pdf
http://knowledge.seagate.com/article...S/FAQ/005532en

The above from:
https://duckduckgo.com/?t=palemoon&q=Seagate+SRN01C+NAS

On 08/05/2018 08:22, The Natural Philosopher wrote:
On 07/05/18 23:12, Roger Mills wrote:
Seagate provided a facility whereby you could log on at
access.seagate.com and access the files on your NAS. That may well
have employed some sort of dynamic DNS for those needing it - but that
isn't the issue. They have taken down their server, and withdrawn
support for the Tappin app on portable devices. They apologise for any
inconvenience caused(!) and assure me that my data is quite safe - but
can only be accessed from within my own network.

My router supports Game and Application Sharing - which permits me
(for example) to associate a PPTP server with my Seagate NAS so that -
in theory - anything coming in on port 1723 goes to the NAS. Problem
is that all such connects are refused!

If I log on to the NAS's web interface, it offers me 'Services' of
"Remote Access", "Seagate Media", "DLNA" and "iTunes". The first two
of these are no longer supported and the last two only work on the
same LAN as the NAS.

I've no idea what OS the NAS uses - probably some flavour of
Unix/Linux - but it's pretty thoroughly locked down with no ready
access to it. I *can* FTP to the NAS but that doesn't seem to allow me
to do much.

Hmm. A pretty problem.

Obviously there is a way in, but its not well advertised.
It the tappin crap was supposed to work behind a firewall with no
especial configuration, that strongly implies that the NAS istself sets
up and maintains a permanent connection to some seagate cloud.

Bit like skype does


Now if that is the case you wont be able to use that partucular backdoor.


I would try scanning the NAS ports to see which are active.

My guess is that ssh might be open. If its bog standard linux on the
NAS. Try using PUTTY to connect to it. If that works you can use sftp
and its chums if you redirect port 22 to the NAS.


It is not beyond the bounds of reason either to set up port redirection
for SMB services on the router so you can actually mount the NAS across
the internet. TCP ports 139 and 445 and UDP ports 137 and 138 should be
redirected to the NAS box.

Obviously you wont be able to 'scan' for the NAS across the internet, so
you will have to know ip address and tell whatever ****e MS uses to
display shares *for that server*. Or better still use NET USE to mount
the device as a drive etc


It's not very secure though, but I myself have done this years ago as
proof of concept.


Thanks for your comments.

I have made *some* progress with FTP. There are two shares on the NAS -
a public one which accepts an anonymous ftp connection, and a private
one which requires a username and password. I can point my AceFTP PRO
client at either of these, and see the folders and files. That's from
within my own network, of course.

I've done a port scan, and found a number of ports open:

22 OpenSSH
110 ?
139 Samba
143 ?
443 OpenSSL
445 Samba (again)
548 Netatalk
993 ?
995 ?

Do any of these look promising as a means of getting remote access to my
files? If so, which ones, and what client software/apps would I need to
use on (a) Windows and (B) Android?
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

Roger Mills wrote:
On 08/05/2018 08:22, The Natural Philosopher wrote:
On 07/05/18 23:12, Roger Mills wrote:
Seagate provided a facility whereby you could log on at
access.seagate.com and access the files on your NAS. That may well
have employed some sort of dynamic DNS for those needing it - but that
isn't the issue. They have taken down their server, and withdrawn
support for the Tappin app on portable devices. They apologise for any
inconvenience caused(!) and assure me that my data is quite safe - but
can only be accessed from within my own network.

My router supports Game and Application Sharing - which permits me
(for example) to associate a PPTP server with my Seagate NAS so that -
in theory - anything coming in on port 1723 goes to the NAS. Problem
is that all such connects are refused!

If I log on to the NAS's web interface, it offers me 'Services' of
"Remote Access", "Seagate Media", "DLNA" and "iTunes". The first two
of these are no longer supported and the last two only work on the
same LAN as the NAS.

I've no idea what OS the NAS uses - probably some flavour of
Unix/Linux - but it's pretty thoroughly locked down with no ready
access to it. I *can* FTP to the NAS but that doesn't seem to allow me
to do much.

Hmm. A pretty problem.

Obviously there is a way in, but its not well advertised.
It the tappin crap was supposed to work behind a firewall with no
especial configuration, that strongly implies that the NAS istself sets
up and maintains a permanent connection to some seagate cloud.

Bit like skype does


Now if that is the case you wont be able to use that partucular backdoor.


I would try scanning the NAS ports to see which are active.

My guess is that ssh might be open. If its bog standard linux on the
NAS. Try using PUTTY to connect to it. If that works you can use sftp
and its chums if you redirect port 22 to the NAS.


It is not beyond the bounds of reason either to set up port redirection
for SMB services on the router so you can actually mount the NAS across
the internet. TCP ports 139 and 445 and UDP ports 137 and 138 should be
redirected to the NAS box.

Obviously you wont be able to 'scan' for the NAS across the internet, so
you will have to know ip address and tell whatever ****e MS uses to
display shares *for that server*. Or better still use NET USE to mount
the device as a drive etc


It's not very secure though, but I myself have done this years ago as
proof of concept.


Thanks for your comments.

I have made *some* progress with FTP. There are two shares on the NAS -
a public one which accepts an anonymous ftp connection, and a private
one which requires a username and password. I can point my AceFTP PRO
client at either of these, and see the folders and files. That's from
within my own network, of course.

I've done a port scan, and found a number of ports open:

22 OpenSSH
110 ?
139 Samba
143 ?
443 OpenSSL
445 Samba (again)
548 Netatalk
993 ?
995 ?

Do any of these look promising as a means of getting remote access to my
files? If so, which ones, and what client software/apps would I need to
use on (a) Windows and (B) Android?

I'm thinking you want to work your network foo on Port 22.

https://serverfault.com/questions/74...-does-sftp-use

"As SFTP runs as a subsystem of SSH it runs on whatever
port the SSH daemon is listening on"

"SFTP transfers all data over the SSH connection.
No additional port is used."

Paul

On 09/05/2018 19:42, Paul wrote:
Roger Mills wrote:


I have made *some* progress with FTP. There are two shares on the NAS
- a public one which accepts an anonymous ftp connection, and a
private one which requires a username and password. I can point my
AceFTP PRO client at either of these, and see the folders and files.
That's from within my own network, of course.

I've done a port scan, and found a number of ports open:

22 OpenSSH
110 ?
139 Samba
143 ?
443 OpenSSL
445 Samba (again)
548 Netatalk
993 ?
995 ?

Do any of these look promising as a means of getting remote access to
my files? If so, which ones, and what client software/apps would I
need to use on (a) Windows and (B) Android?

I'm thinking you want to work your network foo on Port 22.

https://serverfault.com/questions/74...-does-sftp-use

"As SFTP runs as a subsystem of SSH it runs on whatever
port the SSH daemon is listening on"

"SFTP transfers all data over the SSH connection.
No additional port is used."

Paul

Thanks. I had come to the same conclusion - and have made *some*
progress using sftp on Port 22, but still have a way to go.

As noted before, when connecting tom the NAS from within my own
network, I can use bog-standard FTP on Port 21. I can access the Private
share on the NAS by supplying the correct username and password, and can
access the Public share by using an anonymous logon.

In order to access the NAS from outside my network (Android tablet using
Android phone-generated hotspot) using sftp, I have told my router to
assign port 22 to the NAS. I can then access the Private share ok, by
supplying the username and password. But I'm stuck with the Public
share. I haven't found any way of using sftp anonymously, so I can't get
in. I've tried several Android sftp client apps - the most promising one
being AndFTP - but to no avail.

Any ideas?
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

Roger Mills wrote:
On 09/05/2018 19:42, Paul wrote:
Roger Mills wrote:


I have made *some* progress with FTP. There are two shares on the NAS
- a public one which accepts an anonymous ftp connection, and a
private one which requires a username and password. I can point my
AceFTP PRO client at either of these, and see the folders and files.
That's from within my own network, of course.

I've done a port scan, and found a number of ports open:

22 OpenSSH
110 ?
139 Samba
143 ?
443 OpenSSL
445 Samba (again)
548 Netatalk
993 ?
995 ?

Do any of these look promising as a means of getting remote access to
my files? If so, which ones, and what client software/apps would I
need to use on (a) Windows and (B) Android?

I'm thinking you want to work your network foo on Port 22.

https://serverfault.com/questions/74...-does-sftp-use

"As SFTP runs as a subsystem of SSH it runs on whatever
port the SSH daemon is listening on"

"SFTP transfers all data over the SSH connection.
No additional port is used."

Paul

Thanks. I had come to the same conclusion - and have made *some*
progress using sftp on Port 22, but still have a way to go.

As noted before, when connecting tom the NAS from within my own
network, I can use bog-standard FTP on Port 21. I can access the Private
share on the NAS by supplying the correct username and password, and can
access the Public share by using an anonymous logon.

In order to access the NAS from outside my network (Android tablet using
Android phone-generated hotspot) using sftp, I have told my router to
assign port 22 to the NAS. I can then access the Private share ok, by
supplying the username and password. But I'm stuck with the Public
share. I haven't found any way of using sftp anonymously, so I can't get
in. I've tried several Android sftp client apps - the most promising one
being AndFTP - but to no avail.

Any ideas?

The user manual doesn't hint at any controls being available,
so a Zen-like "it is what it is", is all I can manage as an
answer :-)

If you forward the FTP port... you'll be sorry :-)
So that's not the answer.

Paul

Roger Mills wrote:

On 09/05/2018 19:42, Paul wrote:
Roger Mills wrote:


I have made *some* progress with FTP. There are two shares on the NAS
- a public one which accepts an anonymous ftp connection, and a
private one which requires a username and password. I can point my
AceFTP PRO client at either of these, and see the folders and files.
That's from within my own network, of course.

I've done a port scan, and found a number of ports open:

22 OpenSSH
110 ?
139 Samba
143 ?
443 OpenSSL
445 Samba (again)
548 Netatalk
993 ?
995 ?

Do any of these look promising as a means of getting remote access to
my files? If so, which ones, and what client software/apps would I
need to use on (a) Windows and (B) Android?

I'm thinking you want to work your network foo on Port 22.

https://serverfault.com/questions/74...-does-sftp-use

"As SFTP runs as a subsystem of SSH it runs on whatever
port the SSH daemon is listening on"

"SFTP transfers all data over the SSH connection.
No additional port is used."

Paul

Thanks. I had come to the same conclusion - and have made *some*
progress using sftp on Port 22, but still have a way to go.

As noted before, when connecting tom the NAS from within my own
network, I can use bog-standard FTP on Port 21. I can access the Private
share on the NAS by supplying the correct username and password, and can
access the Public share by using an anonymous logon.

In order to access the NAS from outside my network (Android tablet using
Android phone-generated hotspot) using sftp, I have told my router to
assign port 22 to the NAS. I can then access the Private share ok, by
supplying the username and password. But I'm stuck with the Public
share. I haven't found any way of using sftp anonymously, so I can't get
in. I've tried several Android sftp client apps - the most promising one
being AndFTP - but to no avail.

Any ideas?

I don't know *how* to do it, but I think that you need to set up
smb.conf so that the public share accepts your login credentials as a
synonym for anonymous/guest access. This creates no extra security risk
and I think it only needs a fairly simple user alias statement. But my
memory is hazy.



--

Roger Hayter

On Sat, 12 May 2018 22:47:43 +0100, Roger Mills
wrote:

On 09/05/2018 19:42, Paul wrote:
Roger Mills wrote:


I have made *some* progress with FTP. There are two shares on the NAS
- a public one which accepts an anonymous ftp connection, and a
private one which requires a username and password. I can point my
AceFTP PRO client at either of these, and see the folders and files.
That's from within my own network, of course.

I've done a port scan, and found a number of ports open:

22 OpenSSH
110 ?
139 Samba
143 ?
443 OpenSSL
445 Samba (again)
548 Netatalk
993 ?
995 ?

Do any of these look promising as a means of getting remote access to
my files? If so, which ones, and what client software/apps would I
need to use on (a) Windows and (B) Android?

I'm thinking you want to work your network foo on Port 22.

https://serverfault.com/questions/74...-does-sftp-use

"As SFTP runs as a subsystem of SSH it runs on whatever
port the SSH daemon is listening on"

"SFTP transfers all data over the SSH connection.
No additional port is used."

Paul

Thanks. I had come to the same conclusion - and have made *some*
progress using sftp on Port 22, but still have a way to go.

As noted before, when connecting tom the NAS from within my own
network, I can use bog-standard FTP on Port 21. I can access the Private
share on the NAS by supplying the correct username and password, and can
access the Public share by using an anonymous logon.

As you noted, FTP includes the concept of anonymous login. However, SFTP
(which is part of the SSH suite) has no such thing as anonymous login.
With SSH (and of course SFTP), all access starts with properly logging
into a specific account.

There are workarounds, usually involving replacing a security module on
the SSH server so that all logins, no matter what, are allowed, but that
would be a security hole of large proportions.

In order to access the NAS from outside my network (Android tablet using
Android phone-generated hotspot) using sftp, I have told my router to
assign port 22 to the NAS. I can then access the Private share ok, by
supplying the username and password. But I'm stuck with the Public
share. I haven't found any way of using sftp anonymously, so I can't get
in. I've tried several Android sftp client apps - the most promising one
being AndFTP - but to no avail.

Any ideas?

I would say you should create or use a 'private' account on the NAS as
if it were public, meaning just share the password for that account and
put the public stuff there.

--

Char Jackson

On 12/05/2018 22:47, Roger Mills wrote:


Any ideas?

Get a pi zero w and setup a VPN so your NAS appears as a local devices
when you log in from the internet.

You can set the firewall to only allow access to the NAS if you want.

They cost about £17 with a PSU.

You could even put your NAS disk in a USB case and use the pi as a NAS
server if speed isn't a problem.

On 13/05/2018 09:25, dennis@home wrote:
On 12/05/2018 22:47, Roger Mills wrote:


Any ideas?

Get a pi zero w and setup a VPN so your NAS appears as a local devices
when you log in from the internet.

You can set the firewall to only allow access to the NAS if you want.

They cost about £17 with a PSU.

You could even put your NAS disk in a USB case and use the pi as a NAS
server if speed isn't a problem.

Many routers have built in VPN servers - and for that matter can share a
USB HDD over the network. The Pi may not be needed at all.

SteveW

On 13/05/2018 13:57, Steve Walker wrote:
On 13/05/2018 09:25, dennis@home wrote:
On 12/05/2018 22:47, Roger Mills wrote:


Any ideas?

Get a pi zero w and setup a VPN so your NAS appears as a local devices
when you log in from the internet.

You can set the firewall to only allow access to the NAS if you want.

They cost about £17 with a PSU.

You could even put your NAS disk in a USB case and use the pi as a NAS
server if speed isn't a problem.

Many routers have built in VPN servers - and for that matter can share a
USB HDD over the network. The Pi may not be needed at all.

SteveW

Most routers are full of bugs and security holes so I wouldn't trust
them. What was the last time you got a security fix for your router?

On 13/05/2018 21:05, dennis@home wrote:
On 13/05/2018 13:57, Steve Walker wrote:
On 13/05/2018 09:25, dennis@home wrote:
On 12/05/2018 22:47, Roger Mills wrote:


Any ideas?

Get a pi zero w and setup a VPN so your NAS appears as a local
devices when you log in from the internet.

You can set the firewall to only allow access to the NAS if you want.

They cost about £17 with a PSU.

You could even put your NAS disk in a USB case and use the pi as a
NAS server if speed isn't a problem.

Many routers have built in VPN servers - and for that matter can share
a USB HDD over the network. The Pi may not be needed at all.

SteveW

Most routers are full of bugs and security holes so I wouldn't trust
them. What was the last time you got a security fix for your router?

I've had 3 updates to its firmware in the last 2 years.

SteveW