How do we ensure ASUSTOR patch deadbolt?

Backup and data protection discussion at its finest.

Moderator: Lillian.W@AST

Post Reply
ov2rey
Posts: 26
youtube meble na wymiar Warszawa
Joined: Fri Aug 05, 2016 11:13 am

How do we ensure ASUSTOR patch deadbolt?

Post by ov2rey »

Does anyone know how to ensure that asustor is fully patched the security loophole of deadbolt?

Or Asustor going to keep patching after another attack again until 10 years later or until nobody will buy their product?

Seem like one after another attack on same deadbolt.
Lexx
Posts: 3
Joined: Thu Jun 16, 2022 2:11 am

Re: How do we ensure ASUSTOR patch deadbolt?

Post by Lexx »

Won't be same attack most likely

Don't enable ez-connect, don't setup ez-router (disable upnp on adm) don't manually portforward your ADM ports to your asustor (this goes for any nas make not just asustor)

You be fine then (if you need access to asustor look at setting up VPN or tailscale) and have a backup
ov2rey
Posts: 26
Joined: Fri Aug 05, 2016 11:13 am

Re: How do we ensure ASUSTOR patch deadbolt?

Post by ov2rey »

Lexx wrote:Won't be same attack most likely

Don't enable ez-connect, don't setup ez-router (disable upnp on adm) don't manually portforward your ADM ports to your asustor (this goes for any nas make not just asustor)

You be fine then (if you need access to asustor look at setting up VPN or tailscale) and have a backup
i never use ezconnect or ezrouter and upnp was disable also get attacked.

i am using static ip so i dont need ezconnect. anway i have disable internet access to asustor and i believe this is the best soution. next time going get synology or build freenas is better then asustor
User avatar
Nazar78
Posts: 2003
Joined: Wed Jul 17, 2019 10:21 pm
Location: Singapore
Contact:

Re: How do we ensure ASUSTOR patch deadbolt?

Post by Nazar78 »

i am using static ip so i dont need ezconnect
A simple scan can reveal you're using Asustor's NAS, thus exposed to attacks.

You still can use ez-connect but deactivate ez-router, turn off UPnP on your router and don't forward any ports unnecessarily even ADM default or changed ports and especially SSH. If you have IPv6, make sure your router's firewall is turned on and doesn't allow unwanted IPv6 incoming connections. Utilize your router's protection if any, such as against port scan, DOS and brute force. Assign another admin user then disable the default admin. Use strong passwords and enable 2FA (2 steps verification, one of the best defense IMHO unless it's a CVE fault).

This way the connection will go through Asustor's relay server and if there's any attack, Asustor's server will handle these attacks before reaching you. If you don't even trust Asustor's server, disable ez-connect then setup and allow only VPN to your NAS, safeguard your VPN keys/passphrases.

Be wary of the apps that you installed especially from unverified docker images. Secrecy is also a key, use reverse proxy and don't publish your apps to the public unnecessarily. Almost every outgoing connections will reveal what's running behind the requestor. If one don't know what's running on your end, botnets will have a harder time snooping around.

Just my 2 cents.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps

When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Post Reply

Return to “Backup and Data Protection”