# security issues with networked tivo ?



## b166er (Oct 24, 2003)

Hi,

I'm wondering what issues may arise of having my Tivo networked now. It's connected to a router that keeps my DSL connection permanently alive, so it's always connected to the internet. Naturally the router has a firewall, so there's some protection there, but they're not 100% secure. There are open ports. Not any that I've specifically additionally opened, but there are open ones.

Does anyone have scare stories of hackers getting into their tivo and back out into their local network ? Or just generally causing havoc within the tivo ? I know there's no trojan's running on the tivo that enable hacker tunnels but still have some concern.

I just tried connecting to it from a remote PC and was pleased to see the following (ip address altered to 1.2.3.4 for posting here):

C:\WINDOWS>ping 1.2.3.4

Pinging 1.2.3.4 with 32 bytes of data:

Request timed out.

Ping statistics for 1.2.3.4:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

C:\WINDOWS>telnet 1.2.3.4
Connecting To 1.2.3.4...Could not open connection to the host, on port 23:
Connect failed

C:\WINDOWS>ftp 1.2.3.4
Connected to 1.2.3.4.
Connection closed by remote host.

I also couldn't see the tivoweb page via http://1.2.3.4 which is also good (for now)...

Once I open up tivoweb page to the net am I opening up myself to a much increased risk? Is there any way to password protect the tivoweb page, or at least obfuscate the URL sufficiently that nobody would guess it? e.g. http://1.2.3.4/ofiehfhg882834832


----------



## Fozzie (Sep 3, 2001)

I would say in order of security, LEAST secure first:

1. Port forward on router 80 to 80; password on Tivoweb.
2. Port forward on router wxyz to 80; password on Tivoweb.
3. Orenosp on PC (secure proxy to Tivoweb), running on _non-standard_ port; port forwarded on router. No need for password on Tivoweb.
4a. Dropbear SSH server running on Tivo, running on _non-standard_ port; port forwarded on router. No need for password on Tivoweb.
4b. SSH server running on router running on _non-standard_ port; port forwarded on router. No need for password on Tivoweb.

Security of 4a & 4b will be the same, it's just a question of which box is doing all the SSH work. I've used 3, then 4a then 4b and all have worked fine. There's plenty of exisiting threads describing how to do all the above, if you have a quick search.

To answer one of your questions, I've not read on here about anyone being succesfully hacked via Tivo; but then if the hacker is any good, you wouldn't know anyway!


----------



## b166er (Oct 24, 2003)

Thanks Fozzie. Will need to search for Orenosp and Dropbear to see which seems best for me. For now I'm happy that without opening a port yet for tivo to become visible I'm secure


----------



## sanderton (Jan 4, 2002)

First off, if you haven't opened any ports on your router's firewall, and you don't want to access your TiVo from outside of your LAN, then you need do nothing and you are perfectly safe. Despite what you say, there should be no open ports unless you have configured them. That's what the firewall's for.

Further, unless you've configured NAT & port forwarding, any hacker has no way of knowing your TiVo is even there.

I have heard no stories at all of anyone actually hacking a TiVo, although if left unprotected the TiVo can supposedly be crashed by lots of incoming packets it doesn't understand.

I operate at security level 1 on Fozzies list and have had no problems. You password protect the TiVo by editing it's config file.


----------



## RichardJH (Oct 7, 2002)

Stuart is there a simpletons explanation to how I can get access to my 2 Tivos from outside my home network. At present I have 2 Tivos and I PC wired to a Linksys WRT54G and a laptop that accesses via wireless. I have read through several threads about security and various other aspects of Tivo access but have only ended up confused.

All I want to do is access Tivoweb when away to check or change what Tivo is to record.

Any help would be appreciated

Richard


----------



## b166er (Oct 24, 2003)

RichardJH said:


> Stuart is there a simpletons explanation


Here's how I understand things (as a fellow simpleton).

Your router will be maintaining your internet connection for you and you'll probably be getting a different IP address each time it's forced to renew. If you're keeping the same IP address each time (which my Mum does via NTL cable) it makes things easier.

Two things need to happen for you to be able to see your Tivo from outside your network. You need to know the IP address, and the relevant port (80) needs to be open. If your ip address is 1.2.3.4 and you open port 80 in your routers config, then http://1.2.3.4:80 from any PC anywhere will get you into your tivoweb login page. You can open port 12345 and map it to port 80 in your router for a little obfuscation, then you'd access http://1.2.3.4:12345 instead.

If you get a different IP address each time your connection is remade then you'll need a dynamic DNS service. There are free ones and someone will post a link to the best (I forget the URL right now). There you maintain some unique name for yourself and use that to access your tivo instead of the hard-coded IP address. Your tivo needs to keep the server at your dynamic DNS provider regularly updated with what it's IP address by some kind of regular ping I imagine. So if there was a site called myfreedns.com and you chose the name scooby then you'd use http://scooby.myfreedns.com:12345 to access your tivo.

Adding a userid/password to tivoweb would seem a wise thing to do, especially if the hackman module is installed.

That's the info I've gathered from these threads and filled in the holes myself. I haven't done this yet but I hope to before the end of the month when I need to travel to NYC for a while.


----------



## sanderton (Jan 4, 2002)

You missed one part out - your router need to be set up to send packets intended for the Tivo to each machine. This is usually done using port forwarding and NAT. You set up your router so that any data it receives on port 1234 is sent to the TiVo on port 80. If you have two tivos then you make port 1235 forward to the other one.


----------



## RichardJH (Oct 7, 2002)

Thanks for that info but still not sure.
I will have a fixed IP I guess because I am on cable broadband (Telewest)
is the IP that one or the one allocated to Tivo and how do I sort it out so that I can access either of my Tivo's


----------



## AMc (Mar 22, 2002)

Visit http://www.whatismyip.com/ from a machine on your home network and it will give you the IP of you cable modem.
You then need to set up port forwarding on your router so that a port i.e. 1234 is forwarded to the 1st Tivo's local IP address on port 80 and port 1235 is forwarded to the second Tivo's IP local address.

Just because you generally have the same IP on Telewest doesn't mean it's actually fixed. A power cut or loss of service in your area could change your cable modem's IP address though it's more common on ADSL connections as I understand it.


----------



## Fred Smith (Oct 5, 2002)

In my experiance cable modem dynamic IP address's are almost static (on NTL). But just in case I run Dynamic IP on my server PC.


----------



## Fozzie (Sep 3, 2001)

No need to run an external application to update DynDNS; with a bit of jiggery pokery, TiVo can do it itself 

I've attached two zips with the necessary components:

1. Edit 'dnsupd' and 'dnsupd_forced' with your DynDNS username, password and domain. Put the 2 scripts in to /var/hack and chmod 755 them.
2. Put 'wget' in /var/hack/bin and chmod 755 it.
3. Edit 'resolv.conf' to reflect your ISP's DNS (the included file has my two NTL ones). Make a backup copy of /etc/resolv.conf and then copy over the new one. (You'll probably need to make the partition read/write first and then change it back to read-only afterwards.)
4. Put 'libresolv.so' in to /var/hack/lib. Chmod 755 it then type:
'ln -s /var/hack/lib/libresolv.so /var/hack/lib/libresolv.so.2'
5. Finally, add the following 2 entries in to crontab:

05 02,14 * * * /var/hack/dnsupd > /var/log/dnsupd.log 2>&1
15 02 1 * * /var/hack/dnsupd_forced > /var/log/dnsupd_forced.log 2>&1

With a bit of luck, Bob's your uncle, DynDNS will be updated twice daily if your IP changes (edit the crontab if you wish to check more frequently) and a forced update will take place on the first of each month (to prevent your DynDNS account from being deleted for inactivity).

Inspiration for the scripts came from here: http://www.nslu2-linux.org/wiki/HowTo/DynDNSupdate

Resolver files came from the ozTivo website here: http://minnie.tuhs.org/TiVo/files/libresolv/

All usual disclaimers: most of this has come from other sources and if you break your TiVo, it's your own fault!


----------



## b166er (Oct 24, 2003)

Did you forget the attached zip or am I being a drongo and not seeing it?


----------



## Fozzie (Sep 3, 2001)

Doh! I was doing it remotely and hadn't noticed that the single zip was too big to upload. Apologies.


----------



## b166er (Oct 24, 2003)

Fozzie said:


> No need to run an external application to update DynDNS; with a bit of jiggery pokery, TiVo can do it itself


I managed to do it even easier than that  My cheapo cheapo 20 quid router has a dynamic DNS section. It knows of the top 3 dyndns providers. You enter your user id/password/hostname and each time it has to acquire a new IP address (once a day usually with my DSL) it logs into the dyndns account and updates the IP address. I've been testing it by manually disconnecting it and it's working great. I can access my tivo remotely 

QUESTION : I'm sure I read somewhere (but can't find it with search) that if you don't do something or other once a month with dyndns.org then they close (or freeze) your account. Does anyone know what it is that needs doing?

woah look at the time, where does it go? I must be having fun


----------



## Fozzie (Sep 3, 2001)

b166er said:


> I managed to do it even easier than that  My cheapo cheapo 20 quid router has a dynamic DNS section. It knows of the top 3 dyndns providers. You enter your user id/password/hostname and each time it has to acquire a new IP address (once a day usually with my DSL) it logs into the dyndns account and updates the IP address.


I know, mine does the same. I was responding to Fred Smith whose router doesn't have that functionality and so was running an external application on his PC. I was merely suggesting that he didn't need to as it can all be done from TiVo 



b166er said:


> QUESTION : I'm sure I read somewhere (but can't find it with search) that if you don't do something or other once a month with dyndns.org then they close (or freeze) your account. Does anyone know what it is that needs doing?


It's on the DynDNS website. If your account hasn't been updated after 35 days, they assume it is dormant and so will delete it. One solution is to just manually log in to your DynDNS account and refresh the IP information. Also, some of the external apps (e.g. DirectUpdate) detect if you haven't updated after a certain period of time and force an update.

I'm not sure if any of the routers are clever enough to do this yet; I'm pretty sure that the Linksys ones DON'T (even running third-party firmware like dd-wrt). Therefore, you run the real risk of losing your DynDNS account.

Prior to upgrading my router I was using both the scripts above to automatically detect if my IP had changed and to also force an update on the 1st of each month. Now my router does the automatic detection, I have stopped running that script on TiVo but left the forced update one to run, so that I don't lose my DynDNS account.


----------



## b166er (Oct 24, 2003)

Fozzie said:


> It's on the DynDNS website. If your account hasn't been updated after 35 days, they assume it is dormant and so will delete it. One solution is to just manually log in to your DynDNS account and refresh the IP information. Also, some of the external apps (e.g. DirectUpdate) detect if you haven't updated after a certain period of time and force an update. I'm not sure if any of the routers are clever enough to do this yet;


I got the impression that my router is doing the right thing.

Each time it has to get a new IP, it logs into dyndns and updates the IP. Do you think that's not enough? Do I need to manually go to their www.dyndns.com page and login that way? Here's what my dyndns router page looks like (note I changed the hostname and login account to demo values (but didn't click apply) just to take the screenshot. Notice how it uses the members.dyndns.org so it can login.


----------



## Fozzie (Sep 3, 2001)

b166er said:


> Each time it has to get a new IP, it logs into dyndns and updates the IP. Do you think that's not enough?


NO. Like I said, if your account hasn't been updated for 35 days i.e. your IP address hasn't changed and so your router will not have not automatically updated DynDNS, your account will be DELETED and you may well lose your domain name (as well as the hassle of not being able to remotely get in to TiVo, if you are away!)



b166er said:


> Do I need to manually go to their www.dyndns.com page and login that way?


Only if you want to:
a. Check the status of your account e.g. date of last update.
b. Manually refresh the IP address to prevent the account from being seen as dormant and getting deleted.

You don't need to do b. if you upgrade (i.e. pay $10 per year) for your DynDNS account, or your router/external PC application detects if no updates have taken place after a certain time period or, if you run my script on TiVo to manually force an update (or, if you're 100% certain that your external IP address changes at least every 35 days).


----------



## b166er (Oct 24, 2003)

Fozzie said:


> NO. Like I said, if your account hasn't been updated for 35 days i.e. your IP address hasn't changed and so your router will not have not automatically updated DynDNS, your account will be DELETED


Ok, confusion over. I got the feeling that what my router was doing, when the IP address *DOES* change might not be enough to keep the account alive. As my DSL provider require a new IP once a day I'm all good  Thanks for the clarification.


----------



## Fozzie (Sep 3, 2001)

No problem - you should be fine  I just raise the issue because I don't think many people are aware of the 35 day limit and that generally peoples IP addresses do change within that time period, for one reason or another. I presume that re-booting the router would also send an update to DynDNS but then you have to be careful of not getting blocked for an abusive update (defined as one where the IP address hasn't changed); I think they allow the odd one or two though, thank goodness!

There was someone on another thread whose remote access suddenly stopped, even though everything was running fine. However, trying to ping his DynDNS hostname resulted in an unknown host reply; probably due to his account being deleted.

Enjoy the rest of your TiVo hacking; I notice you popping up all over the place. Just waiting for you to appear in the HAckman and Dailymail threads...


----------



## b166er (Oct 24, 2003)

Fozzie said:


> No problem - you should be fine


Coolness 



Fozzie said:


> Enjoy the rest of your TiVo hacking; I notice you popping up all over the place. Just waiting for you to appear in the HAckman and Dailymail threads...


Don't like the idea of Hackman. I looked at it (the screenshot) and don't think I need it. As I'm now publicly networked it's one more risk.

Dailymail intrigues me, just need to look into that more. That might be my next hack


----------



## Fred Smith (Oct 5, 2002)

Fozzie said:


> I know, mine does the same. I was responding to Fred Smith whose router doesn't have that functionality and so was running an external application on his PC. I was merely suggesting that he didn't need to as it can all be done from TiVo


Fozzie,
I was actually repying to RichardJS,  but thanks for the info anyway.

However as I run Orenosp, Digiguide web edition; UPS monitoring, Unreal streaming and a webcam (for security monitoring) on my server PC adding Dynamic IP was no problem.

Also as I have only had two IP addresses in three years with NTL, it's as I said just in case for the future.

I have in-fact set Dynamic IP to e-mail me only as I do not need DyDNS update facility. Actually DyDNS stopped my account, as I could not be bothered to login monthly as there were no IP address changes to report. But for those on normally dynamic IP I have no doubt it is a very useful service.

b166er,

The more important items in Hackman can be password protected. Personally I find it a very useful addition.


----------



## cwaring (Feb 12, 2002)

RichardJH said:


> I will have a fixed IP I guess because I am on cable broadband (Telewest)...


As you may by now have discovered, Richard, you don't have a static IP with TW  Okay, it might not change that often, but it's not _specifically_ "fixed" 

Personally, the 'penny has dropped' as to how I should configure my system and I now have access to my Tivo from the internet  It's amazing what getting up early can do for you 

Question: Is using port 8080 and a p/w-protected Tivoweb enough basic security? Is 8080 *too* obvious a port to use? Don't suppose it matters with the p/w-protection does it?


----------



## AMc (Mar 22, 2002)

I would avoid using 80 or 8080 as these are likelyto be port scanned on a regular basis.
Back when I ran one PC direct to my TeleWest cable modem, Zonealarm reported port scans so regularly I turned off notification.
The security of your Tivo is probably not at risk but it could get flooded with packets and that could upset it's little processor.

I'm up in the 2000's and haven't had any problems in the week or so I've had a port forward on my router.

Ain't Tivo hacking marvelous? My Sky+ed colleague was gobsmacked that I could run my Tivo from the office


----------



## hornist (May 13, 2002)

Personally I'm a bit concerned about the simple password protection built in to the TiVo. It seems to protect correctly when I access TiVOweb from a PC using mainstream web browsers. But I have another computing device which, if I point its browser to my TiVO, takes me straight in without asking for a username or password. I won't say what the device or software is because I don't want to advertise the weakness!

So this would seem to indicate a weakness in that method of TiVO security.

I also use an obscure external port number for mine, but beyond that I just take the attitude that, after all, it's only a video recorder (OK, a very good one to which I am quite attached, but you know what I mean!).

Paul


----------



## sanderton (Jan 4, 2002)

Sure you didn't once log in with that "device" and it's cached the username and password?


----------



## Fozzie (Sep 3, 2001)

hornist said:


> ... but beyond that I just take the attitude that, after all, it's only a video recorder....


A slightly naive attitude? I would have thought that a computer with an operating system, hard drive, network capability and the ability to record TV programmes was a slightly more accurate descripton? 

So you don't mind me nipping round to your house and popping a unix box on your home network and saying "trust me, it's just a video recorder"?


----------



## hornist (May 13, 2002)

sanderton said:


> Sure you didn't once log in with that "device" and it's cached the username and password?


I did wonder that myself. I don't ever remember doing so, and I can't see any options to view or clear such a cache if it does keep one. I'll do a bit of digging around though with regard to this device.

Paul


----------



## hornist (May 13, 2002)

Fozzie said:


> A slightly naive attitude? I would have thought that a computer with an operating system, hard drive, network capability and the ability to record TV programmes was a slightly more accurate descripton?
> 
> So you don't mind me nipping round to your house and popping a unix box on your home network and saying "trust me, it's just a video recorder"?


OK fair point. On the other hand is remote TiVO hacking a widespread problem? If someone can convince me that the risk is significant then I'll take measures beyond the simple (possibly weak) password protection and an unusual port number.


----------



## RichardJH (Oct 7, 2002)

Try as I may I cannot get to grips with this remote access to my 2 Tivos. I have them networked to a Linksys WRT54G router and from both my main PC and my laptop (wireless) I can get to Tivoweb on both and as far as home network all is great. I would like to occasionaly have access from outside my home network. I have read through this thread and others plus lots of googe searchs and made some changes to the router configuration but when I found I was getting nowhere I reset those configurations. I have set up a host name with dyndns.com using the mine.nu domain and from my own PC when I do www.*******.mine.nu I get to the router login page and when I set up port forwarding to my Tivo1 using port 80 and the used www.*******.mine.nu from te PC I went straight to Tivoweb.
How do I sort out the port redirect for both Tivos as


> Originally posted by Sanderton
> You missed one part out - your router need to be set up to send packets intended for the Tivo to each machine. This is usually done using port forwarding and NAT. You set up your router so that any data it receives on port 1234 is sent to the TiVo on port 80. If you have two tivos then you make port 1235 forward to the other one.


----------



## b166er (Oct 24, 2003)

RichardJH said:


> Try as I may I cannot get to grips with this remote access to my 2 Tivos.


Sounds like you just need to ensure there are two external ports exposed. One mapped to tivo1, the other to tivo2. I've only got one tivo and it's on port 8081. If I had another I'd have it on port 8082 I expect. I modified my router settings (without saving) and did a screenshot of how it would look if I did have two tivos.


----------



## RichardJH (Oct 7, 2002)

Thanks for the reply I can see what your getting at but not sure what to implement on my router Linksys WRT54G. In the Applications and gaming menu it has sub menus for port triggering and port forwarding and up to now I haven't got anything to work so heres hoping that someone using the same router can give some easy instructions to me.


----------



## cwaring (Feb 12, 2002)

Not sure if this will help or not, but here are the settings that I use and it works perectly 

They're named to be self-explanatory. All you need to do in your browser then is to use your DynDNS name with the port number as required.


----------



## RichardJH (Oct 7, 2002)

Thanks Carl but I think I need some help with my particular Linksys setup as it seems to vary considerably from yours as far as menus are concerned.


----------



## b166er (Oct 24, 2003)

RichardJH said:



> Thanks Carl but I think I need some help with my particular Linksys setup as it seems to vary considerably from yours as far as menus are concerned.


If you're able to post some screenshots here, then perhaps someone will have some suggestions. I have a WAP54G access-point and it doesn't offer that kind of thing (but then it's not a router so it's no surprise).


----------



## RichardJH (Oct 7, 2002)

Not sure about screenshots but the user manual is here http://www.linksys.com/servlet/Sate...roductDownloadSearch&sp_prodsku=1123637915061 
if you have time to help.


----------



## sanderton (Jan 4, 2002)

Looks to me like you need the Applications and Gaming tab, Port Range forward.

Chooose two external port numbers and set them to forward to the internal IP of each Tivo. TCP only.

As far as I can see the Linksys doesn't support changing the port as it forwards, you you'll need to change the port TiVoWeb works on for each TiVo to be the same as the external port you have chosen by editing the TW .cfg file.


----------



## RichardJH (Oct 7, 2002)

Stuart that certainly looks like the answer  and now the question  is there a best port number to choose to help with security of Tivo


----------



## Fozzie (Sep 3, 2001)

cwaring said:


> Not sure if this will help or not, but here are the settings that I use and it works perectly
> 
> They're named to be self-explanatory. All you need to do in your browser then is to use your DynDNS name with the port number as required.


Carl,

Are we not supposed to see carlw.homeip.net or the user name 'carlw'  A quick port scan and a dictionary attack of a 6 character password and you'll be watching endless showings of Eastenders


----------



## Fozzie (Sep 3, 2001)

@RichardJH

Of course the other thing you could do is re-flash your router with 3rd party firmware (something like www.dd-wrt.com). This then gives you shed loads of extra functionality - things like individual port forwarding (which will also allow you to define a different destination port from the source port), built in SSH server etc etc


----------



## thepicman (May 5, 2004)

sanderton said:


> Chooose two external port numbers and set them to forward to the internal IP of each Tivo. TCP only.


Sorry, why TCP only?

-TPM


----------



## cwaring (Feb 12, 2002)

Fozzie said:


> Carl,
> 
> Are we not supposed to see carlw.homeip.net or the user name 'carlw'  A quick port scan and a dictionary attack of a 6 character password and you'll be watching endless showings of Eastenders




Well, it was done in rather a hurry this morning. Shoulda taken a bit more time. Still, if you have the time to get that password and then my Tivoweb user/pass* as well, you deserve some sort of award 

(*Not the same, and they all use letters AND numbers )

Go on then. I dare ya


----------



## Fozzie (Sep 3, 2001)

thepicman said:


> Sorry, why TCP only?
> 
> -TPM


Because that's what http, telnet & ftp use.


----------



## b166er (Oct 24, 2003)

Fozzie said:


> Because that's what http, telnet & ftp use.


Is anyone really brave enough to enable telnet and ftp ports?


----------



## Fozzie (Sep 3, 2001)

b166er said:


> Is anyone really brave enough to enable telnet and ftp ports?


I don't think it's a question of being brave. Only the foolish would port forward to TiVo on port 21 or 23.


----------



## RichardJH (Oct 7, 2002)

As you can guess all is now well with grateful thanks to all who have helped I now can reach both Tivo's from the big bad outside world. I chose to use ports in the high 2000's and with Tivoweb username and password plus another password added to hackman I hope I am safe.


----------



## AMc (Mar 22, 2002)

FWIW - I found conflicts in that range with my Netscreen remote VPN back into my office MS Exchange server.
I was having trouble with connection failures and a hunt in the router logs showed it was refusing external connections.
TBH it's probably my router being fussy but I went up another 1000 and don't have problems now.


----------



## thepicman (May 5, 2004)

Not sure if I should post this in the Dailymail_jazz or here..

I now have outside access through a port change and a password addition to Tivo Web Plus. The problem is, if I change my tivo's IP in the Dailymail_jazz.cfg file to reflect the port change, DMJ (v1) cannot open a socket to send the email. If I leave the IPs without the port change, mail goes out, but the hyperlinks don't work. 

Do any of you have a workaround?


----------



## thepicman (May 5, 2004)

thepicman said:


> Not sure if I should post this in the Dailymail_jazz or here..
> 
> I now have outside access through a port change and a password addition to Tivo Web Plus. The problem is, if I change my tivo's IP in the Dailymail_jazz.cfg file to reflect the port change, DMJ (v1) cannot open a socket to send the email. If I leave the IPs without the port change, mail goes out, but the hyperlinks don't work.
> 
> Do any of you have a workaround?


You are such a swell guy, I thought I'd answer your question. Yes, Super Aguri will make it to the grid....Oh, the Tivo question, right.

Its rather easy once you actually look at the .cfg file.  You need to set 2.1.3 to the tivo IP _with_ the different port number, but DO NOT set 2.2.7 to reflect the port number, leave it as just the Tivo IP. The set 2.3.4.5 to reflect the new port number as well. Save the .cfg file and you are good to go.

TPM


----------



## Ian_m (Jan 9, 2001)

I was worried about TiVo access from the outside world, when accessable only via port forwarding on a router so I enabled logging on the router.

As I access mainly from work I put a port forwarding rule to port forward only if from my works IP address and no logging. I put another rule to block that port from any IP address and log making sure this was below the rule above.

So port forwards from my works IP and blocks and logs if any other IP.

In nearly a year I have not had any log entries from someone trying to access my TiVo. I get loads of logs for port 21 (FTP, 23 (telnet), 80 (WWW), 137-9 (NetBios) but nothing for my TiVo port.

Oh remember to undo the block rule if going on holiday and wish to access from say a web cafe etc. Oh an make sure sure you TiVo hasn't crashed whilst on holiday (bad disk) or else you won't be able to access it !!!.


----------



## djb2002 (May 1, 2006)

Fozzie said:


> No need to run an external application to update DynDNS; with a bit of jiggery pokery, TiVo can do it itself
> 
> 4. Put 'libresolv.so' in to /var/hack/lib. Chmod 755 it then type:
> 'ln -s /var/hack/lib/libresolv.so /var/hack/lib/libresolv.so.2'


I'm trying this myself, and got to step 4. I notice though that a /var/hack/lib directory doesn't exist on my Tivo ? 

Any ideas now ?

Thanks
Daniel


----------



## Fozzie (Sep 3, 2001)

```
mkdir /var/hack/lib
```


----------



## djb2002 (May 1, 2006)

Fozzie said:


> ```
> mkdir /var/hack/lib
> ```


Thanks - I wasn't sure if it was just as simple as that, or whether I was missing some other components, with not having that directory already there.

Thanks
Daniel


----------



## djb2002 (May 1, 2006)

Doesn't seem to work 

The wget command returns the following error:

./wget: error in loading shared libraries
libresolv.so.2: cannot open shared object file: No such file or directory

Any ideas ?

Thanks
Daniel


----------



## Ben Lovejoy (Mar 14, 2003)

On the telewest IP address thing, I'm with blueyonder, and my IP address has changed precisely once in four years - which was when I needed it to. Some spammer cloned my IP for a BBS attack and the BBS blocked my access. Blueyonder support said that leaving it unplugged for 49 hours would do it, but it didn't, and I eventually had to wait until I was away on business for 10 days to unplug it long enough to get a new IP.

So for all practical purposes, blueyonder gives you a static IP address.


----------



## ColinYounger (Aug 9, 2006)

FWIW, most DHCP servers work like that - you have to be unconnected for 7 days plus for the IP address to be recycled back into the 'pool'.

On WinXP you can see what your ISP has by typing:

```
ipconfig /all
```
On my connection it says:

```
Lease Obtained. . . . . . . . . . : 31 August 2006 20:16:59
Lease Expires . . . . . . . . . . : 19 January 2038 04:14:07
```
But that's because I have my own DHCP server inbetween me and the ISP (NAT).


----------



## ColinYounger (Aug 9, 2006)

...and to complete the post...

my ISP says this is what they have:

```
Lease Obtained 05:21:15 , Thu Aug 31 2006. 
Lease Expires 05:21:41 , Tue Sep 5 2006.
```


----------



## mikerr (Jun 2, 2005)

If you want an "instant" fresh IP address, you only need to change the MAC address of the device connected directly to the cable modem.

this can be done on your routers config page if using a router (and you can make up any MAC address) ... or change the network card if connected directly, or connect with your laptop instead.


----------



## ColinYounger (Aug 9, 2006)

Be aware though that some ISPs require you to 'register' your MAC address before they'll allow access. Also, I personally wouldn't recommend making up a MAC address - knowing my luck I'd get the same as someone else, which ends up in a whole new world of joy.


----------



## AMc (Mar 22, 2002)

FWIW Telewest used to use a combination of the MAC of the cable modem and the MAC of the connected network card to authenticate - so changing one wouldn't cause a clash on the TW network (as the modem itself does Network Address Translation).
You had to register the MAC of connected devices up to a limit of 5 addresses.

They used to have a condition that you were only permitted to connect one computer at a time, presumably so they didn't have to provide free Local Area Network configuration support.

The real gottcha was that if you had one computer connected and then switched the ethernet connection to another computer it would fail to connect the second machine but give no indication why. You'd get an IP and the network connection appeared live, but you couldn't access the internet. Likewise if you connected by USB and ethernet only one worked. Power cycling the modem would refresh the 'new' device to authenticate.

It was also odd that if you disconnected the coaxial cable and powered up the Motorolla Surfboard cable modem it would work as a 32 address DHCP server (inc. sharing the USB and ethernet interfaces) but that functionality was disabled if you were connected to the Telewest network.

I haven't had to do this since I connected a router (one 'computer') about 5 years ago but I believe they dropped the requirement to register MACs a while ago.

http://homepage.ntlworld.com/robin.d.h.walker/cmtips/index.html


----------



## The Bear (Sep 19, 2006)

Aaagghh!! I just can't get my head round this at all.

I have a TiVo connected to a print server via a Wireless Netgear DG834GT, and am confused by the rule I need to set up.

I have already created a service called TiVoWeb on port 1977 as you can see from this screenshot from my router:










Do I need to put my router IP in the 'send to LAN server' bit? And then my TiVo IP in the single address in the 'WAN User' bit?

Therefore I should be able to access it externally via 'http://192.168.0.xx/1977' ?


----------



## cwaring (Feb 12, 2002)

Assuming all the Netgear routers use similar setup systems/pages, take a look at my Post #32 in this thread. Save me repeating myself


----------



## The Bear (Sep 19, 2006)

I've already seen your pics Carl but it is a different menu as in my screenshot. I can't specify IP addresses when creating a service, only in creating a rule which is where I get confused!


----------



## worm (Feb 10, 2005)

The Bear said:


> Aaagghh!! I just can't get my head round this at all.
> 
> I have a TiVo connected to a print server via a Wireless Netgear DG834GT, and am confused by the rule I need to set up.
> 
> ...


No.

You put your TIVO IP address in the 'send to LAN server' bit. This will forward all traffic on port 1977 to your TiVo (you need to make sure your TiVoWeb is listening on port 1977)

The 'Service' just tells the router what to call traffic on that port. It's the firewall rule that does all the work.


----------



## The Bear (Sep 19, 2006)

Thanks worm.

*EDIT* - Nope still not working as I've realised I haven't told Tivo to listen to that port. How do you edit the tivoweb.cfg to do this, and also to create a password for remote access?

As you can tell I'm completely new to this. I've looked around the site for info on this sort of stuff but it doesn't seem easily available to the complete beginner.


----------



## cwaring (Feb 12, 2002)

The Bear said:


> I've already seen your pics Carl but it is a different menu as in my screenshot.


Sorry. Assumed they were all the same (or at least similar) interfaces 



The Bear said:


> How do you edit the tivoweb.cfg to do this, and also to create a password for remote access?


For that, you need to...

1. telnet into your Tivo
2. issue the command

```
cd /var/hack/tivoweb-tcl
```
3. edit tivoweb.cfg (using joe for example) to add port, passwords, etc.. Like this...

```
UserName = [something]
Password = [something]
Port = 1977
```


----------



## worm (Feb 10, 2005)

what he said.


----------



## The Bear (Sep 19, 2006)

Thanks, but *cd /var/hack/tivoweb-tcl* gives me a 'No Such File Or Directory' error.

It's tivowebplus v1.2.2, and I've been told by the owner that the tivoweb.cfg file is in */var/tivowebplus* but I still can't work out how to access it.

Why is there not a simple 'config' option in tivoweb itself? It'd make things a hell of a lot easier!!


----------



## The Bear (Sep 19, 2006)

Changed the rule the way you said before with the Tivo IP to the default port 80, but just get a 'cannot connect to remote server' error.


----------



## cwaring (Feb 12, 2002)

The Bear said:


> Thanks, but *cd /var/hack/tivoweb-tcl* gives me a 'No Such File Or Directory' error.
> 
> It's tivowebplus v1.2.2, and I've been told by the owner that the tivoweb.cfg file is in */var/tivowebplus* but I still can't work out how to access it.


You sure? In that case its..


```
cd /var/tivowebplus
```
It should really be under the /var/hack directory.



> Why is there not a simple 'config' option in tivoweb itself? It'd make things a hell of a lot easier!!


No idea. Care to write one?


----------



## The Bear (Sep 19, 2006)

Ok I'm in via *joe tivoweb.cfg*

How do I save once I've edited and which line is to change the title at the top left i.e My TiVo - v1.2.2?


----------



## manolan (Feb 13, 2001)

The Bear said:


> ... snip ...
> 
> Therefore I should be able to access it externally via 'http://192.168.0.xx/1977' ?


Also, 192.168.x.y should never be passed through your router, they are private IP addresses. You would access externally using your assigned IP address (fixed or leased).


----------



## cwaring (Feb 12, 2002)

The Bear said:


> How do I save once I've edited...


Ctrl+K then Ctrl+X, then type "exit" (without the quotes ) to quit the Telnet session.



> and which line is top change the title at the top left i.e My TiVo - v1.2.2?


Huh?


----------



## The Bear (Sep 19, 2006)

Cheers Carl. I was literally typing ^KX instead of pressing Ctrl!!

The previous user has his called 'xxxx's Kitchen Tivo - v1.2.2' (above where it says the theme)


----------



## The Bear (Sep 19, 2006)

I rebooted but it still lets me into Tivoweb without a password from my home PC. Is it only for external use that the login/password comes in?


----------



## worm (Feb 10, 2005)

Shouldn't be - should be for all access

and manolan is correct - the address you use to access your TiVo from outside your LAN is not 192.168.0.xx - that is an internal address for your local network.

The address you would use is the IP assigned to you by your ISP (either static or dynamic depending on what they do) or the DNS address that is assigned (my ISP assign a DNS address by default)

That is quite a technical description, but it's quite an easy thing to sort - your router status page will tell you what IP is being used, as will any of a thousand online lookup sites. It's worth finding out if yours is dynamic or static though because if it's dynamic then you're going to have trouble connecting from the outside on a regular basis without a DNS address.


----------



## The Bear (Sep 19, 2006)

worm said:


> and manolan is correct - the address you use to access your TiVo from outside your LAN is not 192.168.0.xx - that is an internal address for your local network.
> 
> The address you would use is the IP assigned to you by your ISP (either static or dynamic depending on what they do) or the DNS address that is assigned (my ISP assign a DNS address by default)


Ah I see. My ISP states it is a dynamicIP, but whenever I do a lookup it is always the same?

So theoretically I would put 'http://my.pc's.ip:1977' to access that port externally, but how does that then load Tivoweb?


----------



## worm (Feb 10, 2005)

In brief.

The request comes into your router from the internet.

It's coming in on port 1977, so your router checks the list of *services*, and finds the one that you created called 'TivoWeb' referring to port 1977.

It then checks the *firewall rules*.

If you have entered a rule (as you did above) to forward all Inbound trafiic for the 'TivoWeb service' to 192.168.0.xx (your TiVo) then is sends the request to your TiVo, otherwise it will ignore it.

If your TiVo is listening on port 1977 then it gets the request forwarded by the router and delivers the TiVoWeb page (asking for username/password if set up to do so) which the router sends back to the external requester.

Make sense?

The router just acts like a relay, translating the various addresses to allow the outside world to communicate with the TiVo on port 1977.


----------



## worm (Feb 10, 2005)

Dynamic IP - that is often the case. In theory it can change at any time, but in practive you tend to get the same one assigned for long periods - it's all to do with the way they reserve and allocate numbers.

You can get a dynamic DNS address which will allow you to get round this. For instance DynDNS. I have a Netgear DG834GT and it handles the DynDNS for me.

Baically this just means that instead of having to use http://84.56.75.21/1977 I just use http://worm.homeip.net/1977, and the router makes sure that worm.homeip.net is always pointed at the right IP address

(actaully I don't bother anymore because I have a static IP, but I used to do the DynDNS thing)

If you can't figure out the DynDNS thing, then I'm sure we can help you sort it out. I would need to wiat till I get home from work though to check all my settings etc.


----------



## The Bear (Sep 19, 2006)

Yes that makes sense cheers.

Oh and my router does indeed have Dynamic DNS options, through www.DYnDNS.org


----------



## cwaring (Feb 12, 2002)

The Bear said:


> Cheers Carl. I was literally typing ^KX instead of pressing Ctrl!!


D'oh 



> The previous user has his called 'xxxx's Kitchen Tivo - v1.2.2' (above where it says the theme)


Oh, right. Didn't know you could do that. Not got a clue


----------



## The Bear (Sep 19, 2006)

Apparently you can do it via the top of the httpd-tt.tcl file in the same directory.


----------



## thechachman (Nov 28, 2004)

Will sheepishly raise my hand and admit it is one of my old Tivos he now has


----------



## RichardJH (Oct 7, 2002)

> Apparently you can do it via the top of the httpd-tt.tcl file in the same directory.


 Posted by The Bear

Excellent I can now easily see which Tivo I am viewing thru TWP. I had already modded the theme banner in TW 1.94 to do the same thing.


----------



## thechachman (Nov 28, 2004)

You're both welcome ...


----------

