Every week I receive INFO messages about login failures and some abnormal logins added to the blocklist. Sometimes I get multiple messages about the same IP. In some instances I've had 65 hits. My ADM is fine and I cant detect any issues but Avast doesnt run. I get an error message 4028. Is there anything I can do to prevent these 'attempts' and improve security and anti-virus protection?
Event Level: INFO
Date: 01-04-2015 15:31
User: SYSTEM
Event: [System] "samba" login failure from IP "95.17.235.195" detected.
Event Level: INFO
Date: 21-03-2015 00:28
User: SYSTEM
Event: [Network Defender] Abnormal login attempt detected, Add IP "80.191.36.173" to BlockList.
Samba Login Failures
-
- Posts: 10
- youtube meble na wymiar Warszawa
- Joined: Sun Sep 28, 2014 9:38 pm
- Kapitein Haak
- Posts: 333
- Joined: Tue Oct 15, 2013 2:40 pm
- Location: Stranded on the Dutch coast.
Re: Samba Login Failures
Hello nwilson777,
It looks like you have connected your Windows shares directly to the internet. Unless you have a VERY good reason to do this you should not expose your Windows shares to the internet. You should check your config and NOT forward port 139.
If you must connect Windows shares to the internet, then upgrade to firmware 2.4 and configure ADM defender and use white lists to block most of the world from accessing your NAS.
Best regards,
Kapitein Haak.
It looks like you have connected your Windows shares directly to the internet. Unless you have a VERY good reason to do this you should not expose your Windows shares to the internet. You should check your config and NOT forward port 139.
If you must connect Windows shares to the internet, then upgrade to firmware 2.4 and configure ADM defender and use white lists to block most of the world from accessing your NAS.
Best regards,
Kapitein Haak.
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
-
- Posts: 10
- Joined: Sun Sep 28, 2014 9:38 pm
Re: Samba Login Failures
Where in the config do I check for this? I cant see anything on the ADM port forwarding to 139. I have enable windows file service enabled but there is nothing about a port number. If I de-enable this how will I see NFS shares across my local network.Kapitein Haak wrote:Hello nwilson777,
It looks like you have connected your Windows shares directly to the internet. Unless you have a VERY good reason to do this you should not expose your Windows shares to the internet. You should check your config and NOT forward port 139.
If you must connect Windows shares to the internet, then upgrade to firmware 2.4 and configure ADM defender and use white lists to block most of the world from accessing your NAS.
Best regards,
Kapitein Haak.
- Kapitein Haak
- Posts: 333
- Joined: Tue Oct 15, 2013 2:40 pm
- Location: Stranded on the Dutch coast.
Re: Samba Login Failures
Hello NWilson777,
As you have not forwarded stuff yourself it was probably done bij EZ-router.
Check settings, Ease of access, EZ-Router if Samba shares are port forwarded.
If this is empty, you would need to check your router.
NFS shares (and Windows shares) will continue to work on the LAN even if port forwarding is disabled,
Best regards,
Kapitein Haak.
As you have not forwarded stuff yourself it was probably done bij EZ-router.
Check settings, Ease of access, EZ-Router if Samba shares are port forwarded.
If this is empty, you would need to check your router.
NFS shares (and Windows shares) will continue to work on the LAN even if port forwarding is disabled,
Best regards,
Kapitein Haak.
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
-
- Posts: 10
- Joined: Sun Sep 28, 2014 9:38 pm
Re: Samba Login Failures
Kapitein Haak wrote:Hello NWilson777,
As you have not forwarded stuff yourself it was probably done bij EZ-router.
Check settings, Ease of access, EZ-Router if Samba shares are port forwarded.
If this is empty, you would need to check your router.
NFS shares (and Windows shares) will continue to work on the LAN even if port forwarding is disabled,
Best regards,
Kapitein Haak.
EZ-Router is empty. I have a billion router so what and where am I checking on the router?
-
- Posts: 38
- Joined: Sat Nov 23, 2013 5:54 pm
- Location: Netherlands
Re: Samba Login Failures
In your billion router, ports are forwarded to your NAS. If not, maybe DMZ is open to your NAS (worst case scenario). Meaning, everybody is knocking on your door.
Please check your port status at http://www.ipfingerprints.com/portscan.php with your NAS powered on.
I do not know if you use a VPN service, but connected to VPN provider, ADM-defender also add login attempts to black list.
Please check your port status at http://www.ipfingerprints.com/portscan.php with your NAS powered on.
I do not know if you use a VPN service, but connected to VPN provider, ADM-defender also add login attempts to black list.
Another Day At The Office
-
- Posts: 10
- Joined: Sun Sep 28, 2014 9:38 pm
Re: Samba Login Failures
Ok I don't use a vpn service. On the router I have port 80 forwarded to allow me to access the NAS remotely. On my Mac with the NAS on I ran the port status check and this is what I found... What should I do?aj2 wrote:In your billion router, ports are forwarded to your NAS. If not, maybe DMZ is open to your NAS (worst case scenario). Meaning, everybody is knocking on your door.
Please check your port status at http://www.ipfingerprints.com/portscan.php with your NAS powered on.
I do not know if you use a VPN service, but connected to VPN provider, ADM-defender also add login attempts to black list.
PORT STATE SERVICE
80/tcp open http
111/tcp filtered rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
513/tcp filtered login
548/tcp open afp
631/tcp open ipp
1234/tcp filtered hotline
1433/tcp filtered ms-sql-s
1434/tcp filtered ms-sql-m
1524/tcp filtered ingreslock
2049/tcp open nfs
3260/tcp open iscsi
3689/tcp open rendezvous
4662/tcp filtered edonkey
5001/tcp open commplex-link
5050/tcp open mmcc
6000/tcp open X11
6346/tcp filtered gnutella
6699/tcp filtered napster
6881/tcp filtered bittorrent-tracker
7778/tcp filtered interwise
8000/tcp open http-alt
8088/tcp open radan-http
9090/tcp open zeus-admin
9999/tcp open abyss
55555/tcp open unknown
-
- Posts: 38
- Joined: Sat Nov 23, 2013 5:54 pm
- Location: Netherlands
Re: Samba Login Failures
Every device, connected to the internet will be exposed to unwanted guests. Most routers have a decent firewall to block most threats.
Looking the results, you have open ports to your NAS to reach and use services running on your NAS while you are outside of your own network.
Opening ports on your router, will give possibilities to reach your NAS. Not just for you, basically everybody who is connected to the WWW.
If you decide to leave these ports open, so you can continue using services running on the NAS outside your network, accept people are trying to break in. You can protect yourself by using strong passwords (welcome01 and 123456 will not give much protection), and arrange good access rights to your shares and services.
Looking to my web-servers logs, hacking attempts happens about thousand times a day. And to my web-servers, only the basic ports are open to gain access to the websites and the mail servers.
If you do not use a feature on regular base, close the port in your Billion Router. You can use all services and features of the NAS inside your network with all ports closed.
If you decide to keep ports open, accept these hacking attempts continue and have faith ADM-defender will block threats.
Looking the results, you have open ports to your NAS to reach and use services running on your NAS while you are outside of your own network.
Opening ports on your router, will give possibilities to reach your NAS. Not just for you, basically everybody who is connected to the WWW.
If you decide to leave these ports open, so you can continue using services running on the NAS outside your network, accept people are trying to break in. You can protect yourself by using strong passwords (welcome01 and 123456 will not give much protection), and arrange good access rights to your shares and services.
Looking to my web-servers logs, hacking attempts happens about thousand times a day. And to my web-servers, only the basic ports are open to gain access to the websites and the mail servers.
If you do not use a feature on regular base, close the port in your Billion Router. You can use all services and features of the NAS inside your network with all ports closed.
If you decide to keep ports open, accept these hacking attempts continue and have faith ADM-defender will block threats.
Another Day At The Office
- Kapitein Haak
- Posts: 333
- Joined: Tue Oct 15, 2013 2:40 pm
- Location: Stranded on the Dutch coast.
Re: Samba Login Failures
Hello nwilson777,
Do not worry to much about the open ports you found from your MAC. As you probably have a direct LAN connection between the MAC and your NAS you should find a lot of ports open.
You could first try to create a white list on your NAS (Settings -> ADM defender -> Network Defender -> Black and White list -> Select White list), add the countries from which you would like access to the NAS. For remote support from Asustor you would need to add Taiwan as well . You could try this and see if this helps in the remote access attempts.
Otherwise you could ask someone skilled with routers to check your router for port forwarding.
Best regards,
Kapitein Haak.
Do not worry to much about the open ports you found from your MAC. As you probably have a direct LAN connection between the MAC and your NAS you should find a lot of ports open.
You could first try to create a white list on your NAS (Settings -> ADM defender -> Network Defender -> Black and White list -> Select White list), add the countries from which you would like access to the NAS. For remote support from Asustor you would need to add Taiwan as well . You could try this and see if this helps in the remote access attempts.
Otherwise you could ask someone skilled with routers to check your router for port forwarding.
Best regards,
Kapitein Haak.
"What would the world be like without Captain Hook?"
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656
---
"Homo sapiens non urinat in ventum" (A wise man doesn't piss into the wind), only in Amsterdam:
https://www.google.nl/maps/@52.36289,4. ... 312!8i6656