Failed Attempts to Log into my Synology NAS

Lee

Lee

Lee

Associate
Joined
21 Dec 2006
Posts
474
Location
Northampton
Hi, not sure if this is the right section or not.....anyway, my Synology NAS (running latest version of DSM (6.2.2-24922 Update 4)), has alerted me to some failed login attempts on the "admin" account. The "admin" account is disabled. When I look at the source IP addresses (there have been several attempts over the last 2 days), they originate from China.

Should I be concerned about the security of my NAS or anything else on my network ?
 
Hi @randal , yes I have the relevant ports forwarded via my Virgin Hub 3 for the DSM photo, file, drive and video services so that I can access them from anywhere. There are some port forward rules that have been added by UPnP on the router and I'm not sure what these are......should this worry me ?

edit.....bizarrely after refreshing these other port forward rules seem to have disappeared.....(maybe old cached info ??)....and no other externally facing services at the moment...although I have dabbled with that in the past
 
Likely one of two things has happened:

1) You've either wittingly (or unwittingly via UPnP) forwarded either HTTPS or SSH to the outside world for remote access, which means the hordes of bot nets and hackers out there combing through residential IP ranges across the world all day and every day have spotted that you're running an SSH/HTTPS server and are now trying to breach it via brute force, or password list type attacks.

2) There's a vulnerability in one of the other services that has allowed an attacker to get access to the the admin login page, either spoofing headers or something like that to get access.


Either way, neither situation is ideal. If you're always accessing the services on your Synology via the same device(s), then I would strongly suggest setting up a VPN to your home setup to minimise your attack surface. Using a VPN means multiple layers of authenticate can be/are required (certificates, preshared keys, user/pass, or even 2FA if you're so inclined) on top of a much smaller and less-common port range needing to be exposed to the outside world.

The other question is: "Do you really need to access that stuff whilst you're away from the house?" If so, secure it with a VPN. If not wait till you get home or use a public service and let someone else do the security for you, then lock down the homestead.
 
So, yes, the management interface on the NAS is an HTTPS web server. It's open to the outside world so that I can stream my media whenever I want and access the Photo collection. Thanks for the advice. There is a 2FA capability, so I'll probably enable that.
 
Lee said:
Should I be concerned about the security of my NAS or anything else on my network ?
Click to expand...

Yes you should. The Chinese are after anything and everything and won't hesitate to use you as a springboard. And yes, UPNP should be disabled.

With regards to port forwarding, remember that the outward facing port can be different from the inward port. For example you could access your router on port 44458 and have that forwarded to port 80 on your NAS.
 
You must log in or register to reply here.
Back
Top Bottom