TiVo Community Forum banner
  • TiVoCommunity.com Ambassador Program Now Open! >>> Click Here

security issues with networked tivo ?

13K views 83 replies 18 participants last post by  thechachman 
#1 ·
Hi,

I'm wondering what issues may arise of having my Tivo networked now. It's connected to a router that keeps my DSL connection permanently alive, so it's always connected to the internet. Naturally the router has a firewall, so there's some protection there, but they're not 100% secure. There are open ports. Not any that I've specifically additionally opened, but there are open ones.

Does anyone have scare stories of hackers getting into their tivo and back out into their local network ? Or just generally causing havoc within the tivo ? I know there's no trojan's running on the tivo that enable hacker tunnels but still have some concern.

I just tried connecting to it from a remote PC and was pleased to see the following (ip address altered to 1.2.3.4 for posting here):

C:\WINDOWS>ping 1.2.3.4

Pinging 1.2.3.4 with 32 bytes of data:

Request timed out.

Ping statistics for 1.2.3.4:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

C:\WINDOWS>telnet 1.2.3.4
Connecting To 1.2.3.4...Could not open connection to the host, on port 23:
Connect failed

C:\WINDOWS>ftp 1.2.3.4
Connected to 1.2.3.4.
Connection closed by remote host.

I also couldn't see the tivoweb page via http://1.2.3.4 which is also good (for now)...

Once I open up tivoweb page to the net am I opening up myself to a much increased risk? Is there any way to password protect the tivoweb page, or at least obfuscate the URL sufficiently that nobody would guess it? e.g. http://1.2.3.4/ofiehfhg882834832
 
See less See more
#54 ·
On the telewest IP address thing, I'm with blueyonder, and my IP address has changed precisely once in four years - which was when I needed it to. Some spammer cloned my IP for a BBS attack and the BBS blocked my access. Blueyonder support said that leaving it unplugged for 49 hours would do it, but it didn't, and I eventually had to wait until I was away on business for 10 days to unplug it long enough to get a new IP.

So for all practical purposes, blueyonder gives you a static IP address.
 
#55 ·
FWIW, most DHCP servers work like that - you have to be unconnected for 7 days plus for the IP address to be recycled back into the 'pool'.

On WinXP you can see what your ISP has by typing:
Code:
ipconfig /all
On my connection it says:
Code:
Lease Obtained. . . . . . . . . . : 31 August 2006 20:16:59
Lease Expires . . . . . . . . . . : 19 January 2038 04:14:07
But that's because I have my own DHCP server inbetween me and the ISP (NAT).
 
#57 ·
If you want an "instant" fresh IP address, you only need to change the MAC address of the device connected directly to the cable modem.

this can be done on your routers config page if using a router (and you can make up any MAC address) ... or change the network card if connected directly, or connect with your laptop instead.
 
#59 ·
FWIW Telewest used to use a combination of the MAC of the cable modem and the MAC of the connected network card to authenticate - so changing one wouldn't cause a clash on the TW network (as the modem itself does Network Address Translation).
You had to register the MAC of connected devices up to a limit of 5 addresses.

They used to have a condition that you were only permitted to connect one computer at a time, presumably so they didn't have to provide free Local Area Network configuration support.

The real gottcha was that if you had one computer connected and then switched the ethernet connection to another computer it would fail to connect the second machine but give no indication why. You'd get an IP and the network connection appeared live, but you couldn't access the internet. Likewise if you connected by USB and ethernet only one worked. Power cycling the modem would refresh the 'new' device to authenticate.

It was also odd that if you disconnected the coaxial cable and powered up the Motorolla Surfboard cable modem it would work as a 32 address DHCP server (inc. sharing the USB and ethernet interfaces) but that functionality was disabled if you were connected to the Telewest network.

I haven't had to do this since I connected a router (one 'computer') about 5 years ago but I believe they dropped the requirement to register MACs a while ago.

http://homepage.ntlworld.com/robin.d.h.walker/cmtips/index.html
 
#60 ·
Aaagghh!! I just can't get my head round this at all.

I have a TiVo connected to a print server via a Wireless Netgear DG834GT, and am confused by the rule I need to set up.

I have already created a service called TiVoWeb on port 1977 as you can see from this screenshot from my router:



Do I need to put my router IP in the 'send to LAN server' bit? And then my TiVo IP in the single address in the 'WAN User' bit?

Therefore I should be able to access it externally via 'http://192.168.0.xx/1977' ?
 
#63 ·
The Bear said:
Aaagghh!! I just can't get my head round this at all.

I have a TiVo connected to a print server via a Wireless Netgear DG834GT, and am confused by the rule I need to set up.

I have already created a service called TiVoWeb on port 1977 as you can see from this screenshot from my router:



Do I need to put my router IP in the 'send to LAN server' bit? And then my TiVo IP in the single address in the 'WAN User' bit?

Therefore I should be able to access it externally via 'http://192.168.0.xx/1977' ?
No.

You put your TIVO IP address in the 'send to LAN server' bit. This will forward all traffic on port 1977 to your TiVo (you need to make sure your TiVoWeb is listening on port 1977)

The 'Service' just tells the router what to call traffic on that port. It's the firewall rule that does all the work.
 
#64 ·
Thanks worm.

EDIT - Nope still not working as I've realised I haven't told Tivo to listen to that port. How do you edit the tivoweb.cfg to do this, and also to create a password for remote access?

As you can tell I'm completely new to this. I've looked around the site for info on this sort of stuff but it doesn't seem easily available to the complete beginner.
 
#65 ·
The Bear said:
I've already seen your pics Carl but it is a different menu as in my screenshot.
Sorry. Assumed they were all the same (or at least similar) interfaces :)

The Bear said:
How do you edit the tivoweb.cfg to do this, and also to create a password for remote access?
For that, you need to...

1. telnet into your Tivo
2. issue the command
Code:
cd /var/hack/tivoweb-tcl
3. edit tivoweb.cfg (using joe for example) to add port, passwords, etc.. Like this...
Code:
UserName = [something]
Password = [something]
Port = 1977
 
#67 ·
Thanks, but cd /var/hack/tivoweb-tcl gives me a 'No Such File Or Directory' error.

It's tivowebplus v1.2.2, and I've been told by the owner that the tivoweb.cfg file is in /var/tivowebplus but I still can't work out how to access it.

Why is there not a simple 'config' option in tivoweb itself? It'd make things a hell of a lot easier!!
 
#69 ·
The Bear said:
Thanks, but cd /var/hack/tivoweb-tcl gives me a 'No Such File Or Directory' error.

It's tivowebplus v1.2.2, and I've been told by the owner that the tivoweb.cfg file is in /var/tivowebplus but I still can't work out how to access it.
You sure? In that case its..

Code:
cd /var/tivowebplus
It should really be under the /var/hack directory.

Why is there not a simple 'config' option in tivoweb itself? It'd make things a hell of a lot easier!!
No idea. Care to write one? ;):p:D
 
#75 ·
Shouldn't be - should be for all access

and manolan is correct - the address you use to access your TiVo from outside your LAN is not 192.168.0.xx - that is an internal address for your local network.

The address you would use is the IP assigned to you by your ISP (either static or dynamic depending on what they do) or the DNS address that is assigned (my ISP assign a DNS address by default)

That is quite a technical description, but it's quite an easy thing to sort - your router status page will tell you what IP is being used, as will any of a thousand online lookup sites. It's worth finding out if yours is dynamic or static though because if it's dynamic then you're going to have trouble connecting from the outside on a regular basis without a DNS address.
 
#76 ·
worm said:
and manolan is correct - the address you use to access your TiVo from outside your LAN is not 192.168.0.xx - that is an internal address for your local network.

The address you would use is the IP assigned to you by your ISP (either static or dynamic depending on what they do) or the DNS address that is assigned (my ISP assign a DNS address by default)
Ah I see. My ISP states it is a dynamicIP, but whenever I do a lookup it is always the same?

So theoretically I would put 'http://my.pc's.ip:1977' to access that port externally, but how does that then load Tivoweb?
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top