Return to forum

October 18, 2022 at 3:52 PM

I have never published before, not least because of the language barrier.

However, I've been encouraged to do so, also being active on the forum is rewarded with credits :angel:

To the point, I have a NAS open to the internet, and to no one's surprise, every day I received intrusion attempts. As we all know this is not a real threat unless your users are useless enough to have a password like "potato123", but it is still curious to observe.

It's always the same countries, and the patterns of these types of attacks are always the same. There is clearly no real effort to gain access. Nevertheless, I will tell you the basic measures with which I have managed to keep them away:

- Change default ports.
- 2FA and blocking policies for failed login attempts.
- A smart firewall, and by smart I mean well configured.
- Keep systems up to date.
- An availability schedule tailored to the needs of the users.

I can imagine how frustrating it must be for a basic user not knowing how to get rid of this kind of attacks perpetrated by machines.

I don't expect to teach you anything you don't already know, but I hope at least to generate a healthy debate.

Regards :heart:

RoyalNavy · October 18, 2022 at 3:55 PM

put he ip from machine to only be accessible from your network.

eatcake · October 18, 2022 at 4:06 PM

"I have a NAS open to the internet" < lol that's where you fail already, either firewall it from your ips or setup a vpn having anything on the public internet is silly these days

thekilob · October 18, 2022 at 4:09 PM

(October 18, 2022, 04:06 PM)eatcake Wrote: "I have a NAS open to the internet" < lol that's where you fail already, either firewall it from your ips or setup a vpn having anything on the public internet is silly these days

Having a NAS in the first place is already a "fail".

unusor · October 18, 2022 at 7:38 PM

what is a NAS ?

DarkToken · October 18, 2022 at 10:11 PM

Qnap FTW !

idontknow1241212 · October 19, 2022 at 4:51 AM

I'd put it in a private network

October 19, 2022 at 9:31 AM

(October 18, 2022, 04:06 PM)eatcake Wrote: "I have a NAS open to the internet" < lol that's where you fail already, either firewall it from your ips or setup a vpn having anything on the public internet is silly these days

(October 19, 2022, 04:51 AM)idontknow1241212 Wrote: I'd put it in a private network

Absolutly, you are both right.

I have scheduled the migration to a VPN system with Wireguard in the roadmap. But due to end-user requirements it has not been possible so far.

The usual story, you are forced to change your initial plan due to the needs of third parties.

**254** · October 19, 2022 at 2:48 PM

Whitelist your IP range and allow them only access.