
Security issues question in the Files Transfer system of D-Rats


 

Earlier tonight, John Davis, WB4QDX, gave an interview on Ham Radio Crash Course talking about D-Rats. During the talk, one of Josh Nass's people set up their own HRCC ratflector and a number of folks on the live stream connected to it. I sent a couple of small files to Josh's station with instructions on setting up for a first-time user and getting other features set under Preferences. He objected to the fact that another station could send files to his shared folder because he was worried about someone possibly uploading malware to his computer, as he is an engineer by trade. We were trying to figure out how a station could block the use of the file transfer feature if they wished, but there does not appear to be a way to do it.

The most glaring problem, on one machine that appeared to be a Raspberry Pi, was that if you simply removed the "D-RATS Shared" folder from the Paths section, the program defaults to allowing a connecting station to access the computer's root directory. On a Windows machine, not having the D-RATS Shared folder able to be located caused a Debug Error to be issued and the program stopped functioning. The user was talking about leaving the station online but now is hesitant to do so because he does not want people loading things onto his computer without his knowledge or request. This probably would not be a problem when operating in an emergency situation when the infrastructure was down, but could be an issue for the guys who are out there putting themselves out on YouTube trying to educate other hams and having their computers connected to the Internet, where they could be accessed by hackers or someone who didn't like something they said on one of their shows. Any ideas on how to turn the File Transfer system off safely?

Cordially,
Glen-KG5CEN


 

You'd have to iron out the particulars and exact syntax, but why not dump the temp directory contents to /dev/null?

This could be tuned on/off as desired, as well.

Other options:
  • LD_PRELOAD: "Another approach would be a LD_PRELOAD wrapper; basically a small shared library which is loaded before libc.so, and intercepts calls to "open" with something that checks the prospective file path and substitutes "/dev/null" if it would be in the target directory. This has the advantage of being (a) entirely in user-space - no kernel hacking required; and (b) only affecting the single errant application. A simple example is at
  • Look into FUSE: https://sites.google.com/site/installationubuntu/zx-spectrum/install-fuse-as-autostart-in-raspberry-pi
  • A simple script to clobber any/all contents of the shared folder that runs often.
  • SymLink shared folder contents to /dev/null: https://unix.stackexchange.com/questions/332019/replace-file-with-hard-link-to-dev-null
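An LD_PRELOAD interposer of the kind the first bullet describes, as an added example that is not from the D-Rats project or from anyone in this thread, Linux/glibc only. It assumes the shared folder is passed in an environment variable named DRATS_SHARED_DIR (a name chosen for this example), performs the real open through the raw openat syscall instead of dlsym(RTLD_NEXT) so it builds with no extra libraries, and only redirects opens that can create or write a file, so the program can still read and offer its own files. It also covers the case Glen observed: if the shared folder resolves to "/", every write the wrapped program attempts is sent to /dev/null.

```c
/* Added example (not D-Rats project code): an LD_PRELOAD interposer that
 * turns every file-creating or writing open() inside the configured shared
 * folder into an open() of /dev/null, so uploads are silently discarded.
 * Linux/glibc only. Assumption: the folder is given in the DRATS_SHARED_DIR
 * environment variable (a name invented for this example). */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#undef _FORTIFY_SOURCE      /* a fortified inline open() would clash with ours */
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Lexically normalise a path: make it absolute, drop "." and resolve "..".
 * Returns 0 on success, -1 if the result would not fit. Symlinks are not
 * followed; a hardened version would realpath() the parent directory too. */
static int normalize_path(const char *in, char *out, size_t outlen) {
    char buf[PATH_MAX];
    int n;
    if (in[0] == '/') {
        n = snprintf(buf, sizeof buf, "%s", in);
    } else {
        char cwd[PATH_MAX];
        if (!getcwd(cwd, sizeof cwd)) return -1;
        n = snprintf(buf, sizeof buf, "%s/%s", cwd, in);
    }
    if (n < 0 || (size_t)n >= sizeof buf) return -1;

    size_t olen = 0;
    char *save = NULL;
    for (char *seg = strtok_r(buf, "/", &save); seg; seg = strtok_r(NULL, "/", &save)) {
        if (strcmp(seg, ".") == 0) continue;
        if (strcmp(seg, "..") == 0) {           /* pop the last component, if any */
            while (olen > 0 && out[olen - 1] != '/') olen--;
            if (olen > 0) olen--;
            continue;
        }
        size_t seglen = strlen(seg);
        if (olen + 1 + seglen + 1 > outlen) return -1;
        out[olen++] = '/';
        memcpy(out + olen, seg, seglen);
        olen += seglen;
    }
    if (olen == 0) {                            /* everything collapsed to "/" */
        if (outlen < 2) return -1;
        out[olen++] = '/';
    }
    out[olen] = '\0';
    return 0;
}

/* Policy: redirect when the open could create or write a file under the
 * shared folder. Read-only opens pass through so the program can still serve
 * its own files. Paths that cannot be normalised count as inside (fail closed). */
int should_redirect(const char *path, int flags, const char *shared_dir) {
    if (shared_dir == NULL || shared_dir[0] == '\0') return 0;   /* wrapper disabled */
    int may_write = (flags & O_ACCMODE) != O_RDONLY || (flags & O_CREAT);
    if (!may_write) return 0;
    char p[PATH_MAX], d[PATH_MAX];
    if (normalize_path(path, p, sizeof p) != 0) return 1;
    if (normalize_path(shared_dir, d, sizeof d) != 0) return 1;
    if (strcmp(d, "/") == 0) return 1;   /* shared folder fell back to "/": block all writes */
    size_t dl = strlen(d);
    return strncmp(p, d, dl) == 0 && p[dl] == '/';
}

/* The interposed libc entry point. The real open is done with the raw openat
 * syscall, so no dlsym(RTLD_NEXT) and no -ldl are needed. */
int open(const char *path, int flags, ...) {
    mode_t mode = 0;
    if (flags & O_CREAT) {                  /* the mode argument exists only with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, unsigned int);
        va_end(ap);
    }
    if (should_redirect(path, flags, getenv("DRATS_SHARED_DIR"))) {
        path = "/dev/null";
        flags &= ~(O_CREAT | O_EXCL | O_TRUNC);   /* /dev/null already exists */
    }
    return (int)syscall(SYS_openat, AT_FDCWD, path, flags, mode);
}
```

Build it with `gcc -shared -fPIC -o libnoupload.so noupload.c` and start the program as `DRATS_SHARED_DIR="$HOME/D-RATS Shared" LD_PRELOAD=$PWD/libnoupload.so <program command>`. This block intercepts only open(); a wrapper you rely on must also cover open64, openat, creat, fopen and rename (a file written elsewhere and then renamed into the folder), and an interpreter may call openat directly, so check with strace that every write path really lands in /dev/null before leaving the station unattended. The check is lexical, so a symlink inside the shared folder pointing elsewhere is not resolved.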


 

Yeah Glen, I like the ideas about the Symlinks from Mark... I think in Windows the equivalent of /dev/null is $NULL from PowerShell or NUL from a command prompt...

On Sun, Feb 14, 2021 at 11:05 AM Mark via <markwaldron1=[email protected]> wrote:


 

One of the users also suggested using a folder on a certain capacity thumb drive attached to the computer and using that as the D-RATS Shared folder. It is my understanding that if an infected file were to be uploaded, it could do no damage until and unless it was executed on the receiving machine. It would be a simple matter to scan the thumb drive for malware periodically, without having to do a scan of the entire computer, to make sure nothing harmful was on the thumb drive.

I know there are malicious folks everywhere these days, but I have not run across people like that in the Amateur Radio community, not yet anyway. But as the Good Lord says, "All have sinned and fallen short…" so I guess it is better to be safe than sorry. It would be a very nasty way to interfere in an emergency response.

Glen-KG5CEN
On Feb 14, 2021, 11:54 AM -0600, Emile “Cheap Old Man” Diodene <ediodene@...>, wrote:


 

Hi Glen and others:
Is this still a concern or pending issue? Any other recommendation to limit risk of uploaded files? I mean Windows machine.

Thanks in Advance!

73'

Edfel
KP4AJ