NanoKVM?
- Thread starter Greg_E
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Im starting to research them as well. They have a pci version which may help move me off server hardware to consumer levels and save money.
seems like someone posted a video online about the security flaws and they are starting to address them. dont have the link at the moment but I believe it’s on the github for download software updates.
seems like someone posted a video online about the security flaws and they are starting to address them. dont have the link at the moment but I believe it’s on the github for download software updates.
Well, mine boots. Waiting for some cables and a bigger SD card before trying it, a 16GB card seems to be too small when I try to copy a 2GB image into the folder that wasn't present.
It does ask that you change the default password.
It does still have baked in DNS servers to 8.8.8.8, 8.8.4.4, and 192.168.0.1.
For whatever reason, it is not finding the update web site so I may need to figure out how to update the application manually.
I also need to go back through and read how to change the baked in DNS, if it is going to be a DHCP device, then I want it to use the DNS provided from the DHCP lease.
No where does it list the MAC address of this device, I ended up pulling it out of my firewall logs. Now I can set an IP reservation for it.
There is no where in the web gui to set a manual IP address or any other networking parameters.
There is no way to upload a bootable image from the web gui, you can try SCP but it almost looks like an after thought. I may try this after I get a larger card.
The Lite version (the one I bought) is currently on Amazon for $35 (plus the cost of an SD card). The price on the bigger version that comes with an SD card is at the same price as a JetKVM, and I think the JET is probably a better choice for the same dollars.
I'll have to see what I need to do to get this updated and working the way I want before I really condemn it. It might be nice, it might not, but it definitely is still a young product and needs to grow a little bit.
It does ask that you change the default password.
It does still have baked in DNS servers to 8.8.8.8, 8.8.4.4, and 192.168.0.1.
For whatever reason, it is not finding the update web site so I may need to figure out how to update the application manually.
I also need to go back through and read how to change the baked in DNS, if it is going to be a DHCP device, then I want it to use the DNS provided from the DHCP lease.
No where does it list the MAC address of this device, I ended up pulling it out of my firewall logs. Now I can set an IP reservation for it.
There is no where in the web gui to set a manual IP address or any other networking parameters.
There is no way to upload a bootable image from the web gui, you can try SCP but it almost looks like an after thought. I may try this after I get a larger card.
The Lite version (the one I bought) is currently on Amazon for $35 (plus the cost of an SD card). The price on the bigger version that comes with an SD card is at the same price as a JetKVM, and I think the JET is probably a better choice for the same dollars.
I'll have to see what I need to do to get this updated and working the way I want before I really condemn it. It might be nice, it might not, but it definitely is still a young product and needs to grow a little bit.
Make of that what you will. Definitely some security questions around NanoKVM.
Response to concerns about NanoKVM security · Issue #301 · sipeed/NanoKVM
In apalrd's recent video (https://www.youtube.com/watch?v=plJGZQ35Q6I), apalrd raised several security concerns regarding NanoKVM. We have carefully watched the video—some parts are fair, while oth...
github.com
That's the thread.
New cards arrived crushed and broken. But still playing with it for a little bit on the small card...
DNS seems to be broken! I can ping out to 8.8.8.8, but can not ping out to google.com or microsoft.com, nslookup fails as well.
Updates are not working (still) but I do see some IP entries as follows, this was not tied to any actions that I created, not tied to trying to get an update.
114.114.114.114
119.29.29.29
Use your favorite WhoIs to look them up if you want, they are in China.
Watching IP addresses through my firewall to try and see what it is doing. If I can't stop them, I may just block those connections. I can see the DNS requests, not even NTP (pool.ntp.org) is successful. I see requests for cdn.sipeed.com during the time frame where I was requesting the updates. I do not see any names that might be associated with the above IP addresses, so that's funny!
I think I need to unplug this for now, at least until I can get DNS and maybe get the update figured out. Not feeling very trusting right now.
New cards arrived crushed and broken. But still playing with it for a little bit on the small card...
DNS seems to be broken! I can ping out to 8.8.8.8, but can not ping out to google.com or microsoft.com, nslookup fails as well.
Updates are not working (still) but I do see some IP entries as follows, this was not tied to any actions that I created, not tied to trying to get an update.
114.114.114.114
119.29.29.29
Use your favorite WhoIs to look them up if you want, they are in China.
Watching IP addresses through my firewall to try and see what it is doing. If I can't stop them, I may just block those connections. I can see the DNS requests, not even NTP (pool.ntp.org) is successful. I see requests for cdn.sipeed.com during the time frame where I was requesting the updates. I do not see any names that might be associated with the above IP addresses, so that's funny!
I think I need to unplug this for now, at least until I can get DNS and maybe get the update figured out. Not feeling very trusting right now.
I'm not going to be able to fix the code, but I can certainly provide info that I see.
I should probably mirror the switch port and capture EVERYTHING to a server, I'll have to think about this and see what the best way to gather the data might be, my Mikrotik switch might be able to grab this stuff and spit it out to a USB drive, I'll look into this when I have time. But for right now, it is staying disconnected until at least Monday when the new card will be here and maybe I can figure out some fixes before then, and hopefully fixes that can be done before the first boot from a fresh image. Wish I had better Linux skills!
[edit] looks like the Torch tool in RouterOS will do what I want, or at least close to what I want. I'll have to figure it out.
I should probably mirror the switch port and capture EVERYTHING to a server, I'll have to think about this and see what the best way to gather the data might be, my Mikrotik switch might be able to grab this stuff and spit it out to a USB drive, I'll look into this when I have time. But for right now, it is staying disconnected until at least Monday when the new card will be here and maybe I can figure out some fixes before then, and hopefully fixes that can be done before the first boot from a fresh image. Wish I had better Linux skills!
[edit] looks like the Torch tool in RouterOS will do what I want, or at least close to what I want. I'll have to figure it out.
Last edited:
I think this is how I'm going to need to capture this, RouterOS has a sniffer built in, and among other things you can isolate a single physical port. Then I think I need to stream it out to Wireshark for collection.
I did ask Mikrotik if it's possible to just capture to a USB drive, waiting on a reply.
I did ask Mikrotik if it's possible to just capture to a USB drive, waiting on a reply.
I haven't forgotten about this, just haven't had time to fool with it again. Microtik no longer answers questions directly, they referred me to their forum. I think the best way to do this is packet filter on the switch, and stream that info back to wireshark on another computer. Need to get that set up.
Other computer will be my ClockworkPi uConsole with RaspberryPi cm4 and Parrot Security OS, this is one of the functions I bought this computer for, so might as well dig in and learn to use it. Only downside is that I only have USB to ethernet, so 100mbps max. They didn't expose the gigabit or PCIe on this device as the cm4/5 were an afterthought. I also have a Devterm but finding it hard to use these days without dropping another $80 on it for a cm4.
Other computer will be my ClockworkPi uConsole with RaspberryPi cm4 and Parrot Security OS, this is one of the functions I bought this computer for, so might as well dig in and learn to use it. Only downside is that I only have USB to ethernet, so 100mbps max. They didn't expose the gigabit or PCIe on this device as the cm4/5 were an afterthought. I also have a Devterm but finding it hard to use these days without dropping another $80 on it for a cm4.