TiVo Remote Web Access

Discussion in 'TiVo Series 1 - UK' started by ifekas, Jul 29, 2006.

  1. ifekas

    ifekas New Member

    23
    0
    Aug 2, 2002
    Leicester
    I have finally got TiVo web working; and am having difficulty deciding the best way to set it up for remote access from different locations.

    I have done various searches; TiVohelp seemed to provide the most comprehensive advice, and advised against making TiVo IP accessible over the Internet via port forwarding on the router.

    However, the 'solution' was to access TiVo web through the home pc via VNC/Remote Access, etc. This may be more secure for the TiVo, but opens up all sorts of issues re computer hacking; and I would rather have a hacker delete recordings on the TiVo rather than access my personal files, and hence I am not so keen on this idea. Another drawback is that one's computer would have to be on the whole time, which is a waste of energy and contributes to carbon dioxide emissions. And also, VNC/Remote Desktop may not always be available on public terminals.

    The document goes onto say that if one makes TiVo web accessible over the Internet, one can password protect the logon (though the passwords are set in plain text) and change the port number. This would seem sufficient security for me.

    What was more concerning was the possibility mentioned of DOS attacks that could 'easily' crash the TiVo. Perhaps members who have set up their TiVos accessible on the internet could comment on whether this is the case or not.
     
  2. iankb

    iankb New Member

    6,468
    0
    Oct 9, 2000
    Reading, UK
    LogMeIn and GoToMyPC both provide secure access to your PC, without having to open up any incoming ports on your firewall. They both make connections using outgoing ports to central servers, and both can be accessed by web browsers from any public terminal, without software installation.
     
  3. cwaring

    cwaring VM Tivo User

    9,015
    0
    Feb 11, 2002
    Knaresboroug...
    Just to say that I've been doing it that way for about six months now, with only rudimentary password protection, and not had any problems, that I am aware of, anyway :eek: ;)
     
  4. johnnye

    johnnye New Member

    36
    0
    Oct 18, 2005
    Mine has been on the internet (via port forwarding on the router) with only the tivoweb password protection for at least 12 months without any problems.

    According to the router stats, other than an occasional blanket port scan and my own use, there haven't even been any attempts to access the TiVo from the internet.

    Compared to the damage that could be done by an open port on a PC, what is the worst that could happen with the TiVo? No attacker will know what it is :) to do anything malicious, and the only real issue might be DoS attacks but this would be very unlikely, and can be stopped if your router has the ability to recognise them.

    Of course, sod's law says that once you try it, the hackers from hell will descend and cause your TiVo to self-ignite, just as you leave to go out for the evening. Don't say you weren't warned ! ;)
     
  5. terryeden

    terryeden TiVo, Tivum, Tiva,

    371
    0
    Nov 2, 2002
    Surrey
    I've had mine on Port 80 with the standard TiVoWeb password protection (I have changed it from the default) for nearly 2 years with no trouble. I'm also using dyndns.org to provide a name rather than an IP address. Although the TiVo can't update Dyndns, my PC does every time it switches on. My IP doesn't change that rapidly to be a problem.
     
  6. AMc

    AMc Active Member

    2,623
    0
    Mar 22, 2002
    East of England
    I use a high port and password protection - no trouble in about 6 months since I first installed it.
    The accessibility is more than worth the risk to me.
     
  7. ericd121

    ericd121 Crown Topper

    1,347
    0
    Dec 12, 2002
    Milton...
    That's what I said the last time this was discussed ;) and someone suggested that a compromised Tivo would let the hacker access everything else on your network.
     
  8. johnnye

    johnnye New Member

    36
    0
    Oct 18, 2005
    Hmm, that's a good point and I may have to consider it. Most of the home PCs have a software firewall and I could exclude the static IP address of the TiVo from the trusted zone. My server doesn't have a firewall, though, for performance reasons, so that may need revising.
    Decisions, decisions, decisions, but nothing to lose any sleep over :D
     
  9. Aug 1, 2006 #9 of 28
    AMc

    AMc Active Member

    2,623
    0
    Mar 22, 2002
    East of England
    Typical - Trying to check something from work and it goes wrong!
    I get the login prompt as a windows dialogue IDed as 'Tivo-web' - so I know the IP is mine the port forward is working and Tivo is at least running something responding to HTTP.
    Put in my username and password and it just hangs.

    I assume I going to have to wait until I get home unless someone can suggest something else to prod Tivoweb remotely?
     
  10. cwaring

    cwaring VM Tivo User

    9,015
    0
    Feb 11, 2002
    Knaresboroug...
    Can you Telnet in and either re-start TW or re-boot the Tivo? That doesn't require a username/password.
     
  11. sanderton

    sanderton TiVoer since 11/2000

    6,341
    0
    Jan 4, 2002
    The chances of a TiVo being compromised is very low; even if a hacker managed to get access it's unlikely they would have any malicious binaries compiled for a Series 1 Tivo, and TiVo can't access Windows shares etc.

    I have three TiVos exposed on standard ports with only the TW password for protection for several years and have had no issues.
     
  12. AMc

    AMc Active Member

    2,623
    0
    Mar 22, 2002
    East of England
    Unfortunately I have only forwarded one external port to 80 on the internal network for Tivonet. The standard Telnet ports are closed on my router/firewall.
    I'll be home in an hour or so just a pain.
     
  13. ifekas

    ifekas New Member

    23
    0
    Aug 2, 2002
    Leicester
    Thanks for the replies.

    It is good to know that quite a number of users have got their TiVos setup for external access with the appropriate password protection, and haven't had problems, as this is what I want to do!

    I hadn't thought about hackers using the TiVo to get access to my computer; although the possibility of this is quite unlikely, I'll leave the computer's software firewall switched on.
     
  14. cwaring

    cwaring VM Tivo User

    9,015
    0
    Feb 11, 2002
    Knaresboroug...
    You shouldn't need to if your Router has one; which I thought they all did? :)
     
  15. ptruman

    ptruman New Member

    190
    0
    Jan 8, 2003
    Get an upgradeable router (mine is a Linksys WET54GS), and put a 3rd party firmware on it (I'm running Sveasoft).

    I can now access my LAN from anywhere, using the routers onboard SSH software, and then open up 'tunnels' to anything internal. It's considerably more secure than just raw port forwarding. Takes a bit of setting up, but it's well worth it :)
     
  16. iankb

    iankb New Member

    6,468
    0
    Oct 9, 2000
    Reading, UK
    A router's firewall won't stop a hacked TiVo from accessing other PC's on the same side of the firewall so, if this is a worry, then a software firewall on the PC would make sense.
     
  17. iankb

    iankb New Member

    6,468
    0
    Oct 9, 2000
    Reading, UK
    Although I haven't tried it, you could try to create a true DMZ (De-Militarised Zone), whereby you run two separate subnets (e.g. 10.215.x.x and 192.168.x.x) , with a second (non-ADSL) network router in-between.

    i.e. The network connected to your broadband router would have the TiVo and any other publicly-available web-server in it, while the other PC's would sit on an internal network behind the separate router. The second router would need to be allocated an external address in the DMZ's subnet. Internal PC's would pass through two firewalls and two sets of NAT address translation but, unlike with the built-in DMZ function of routers, would be fully-protected against machines in the DMZ by the second firewall.

    If this works, then you have the advantage of being able to run several machines in the DMZ, together with a single external IP address.

    [And for those who don't understand what a network DMZ is used for, it's where you put computers that must be exposed to the outside world but, if hacked, would not compromise your internal network.]
     
  18. Ian_m

    Ian_m Active Member

    1,518
    0
    Jan 9, 2001
    Southampton,...
    I wouldn't worry about it too much. I have moved my TiVoWeb to a non standard port (edit the tivoweb.cfg file) and have ADSL router (NetGear DG834G) port forwarding on with two rules.

    1st rule is port forwarding but from my works IP only with logging if not matched.

    2nd rule is same again port forwarding but from any external IP address with no logging

    Thus access from my work does not clog the logs, any access from any other IP get logged.

    In two years I have not seen anything triggering the second rule other than when I accessed my TiVo from a web Cafe in Menorca.

    Yes I know it maybe too late logging after the event/hack but I don't think its worth much more effort than simple changing of port numbers.

    Oh also I have a block rule with logging for port 80 (HTTP) and 20,21 (FTP) and 23 (Telnet) which gets quite a bit of scanning from IPs all over the place.
     
  19. The Obo

    The Obo Gotta Loooove Tivo!

    117
    0
    Feb 22, 2005
    London
    I also have a Netgear DG834G setup similar to Ian_m. Except that because of my work firewall rules I have had to leave the Tivo on Port 80 (with password protection of course). I want to use Port 80 for something else and it appears every other port is blocked from my work except for HTTPS.

    Question: Can I move my Tivo to Port 443 by simply changing the port number in the Tivoweb.cfg file?

    I use DynDNS - will https://www.mydomainname.homeip.net work? (is this the same as http://www.mydomainname.homeip.net:443?)

    Is it all as simple as this? Or is there some sort of security certificate requirement to use port 443?
     
  20. cwaring

    cwaring VM Tivo User

    9,015
    0
    Feb 11, 2002
    Knaresboroug...
    Yes.

    Yes

    No.
     

Share This Page