QUESTION :
I have external storage (HDD) attached to my router and made available to computers belonging to this network (wifi). Also, I also synchronize backups automatically to external storage in my router via ftp.
However, when I travel with my laptop to other (wifi) networks, isn’t it the case that when my computer tries to access automatically the mapped drive (e.g.ROUTER) or tries to do the automatic backup over ftp to router (e.g. 192.168.1.1), the usernames/passwords are visible to these routers/servers in the network it is connected?
I am not sure whether may question is clear, but I was starting to think, that especially in the case of scheduled backup over ftp, the username/password I use to “knock on the door” of my router should be then also visible in other networks, when I happen to be in these networks during the time of the scheduled backup?
ANSWER :
This depends on the protocol used and the network you are connected to.
Best case: The network uses a different IP address range, there is no host with the name you configured (or it can’t be resolved)
What happens: You username and password combination is (usually) safe. There is no endpoint to connect to and no authentication attempt is made.
Middle case: The network uses the same IP address range or there is a host name that resolves to an IP address you use as well.
What happens: You are mostly safe. The hosts usually don’t run the services you access and most protocols handle authentication after connection (like FTP and SMB, the ones you seem to be using). Some weird protocols might include identification or even authentication in their first packet which a rogue server might be able to steal. Make sure that you require an encrypted connection (FTPS for instance), so the authentication attempt is always secured even when unsuccessful so only the server admin is able to see the authentication attempt.
Worst case: The network is setup much like your own and might even use honeypots (ie. all authentication attempts are successful).
What happens: Your credentials are indeed in danger, especially if the operator of the honeypot knows you. Depending on the protocol used and the setup of the honeypot, the operator can get either the whole combination of username and password (as well as host name and the path you try to access) even more advanced honeypots might also allow your system to write data to the honeypot.
This is obviously the worst case as you are leaking data. This allows the operator to steal more information (thinking of backups: everything on your device).
Side note: I think this should be moved to https://security.stackexchange.com
It completely depends on auth configuration you using whether password encryption is used one auth request is sent. If no, the typical requests submitted from your laptop (using usernames/passwords) to your router can be seen by network traffic analyzer alike Wireshark