advertisement


QNAP NAS’s - malware attack.

Thanks for the heads up. I'm wondering how to disconnect my nas from the internet without disconnecting it from my network. At the moment it backs up to cloud. But I think it should only connect to QNAP.
 
Thanks for the heads up. I'm wondering how to disconnect my nas from the internet without disconnecting it from my network. At the moment it backs up to cloud. But I think it should only connect to QNAP.

As long as you don't have a firewall rule that makes it reachable for incoming traffic (i.e. all internet traffic is sourced from the NAS), you should be OK... (Unless they've hacked the cloud backup somehow!)
 
Thanks for the heads up. I'm wondering how to disconnect my nas from the internet without disconnecting it from my network. At the moment it backs up to cloud. But I think it should only connect to QNAP.
Does your router support VLANs? If so you will be able to set up separate subnets and keep them isolated from one another. Also you don't say if you are using WiFi, Ethernet or both. A decent Draytek box can support both.

Cheers,

DV
 
Does your router support VLANs? If so you will be able to set up separate subnets and keep them isolated from one another. Also you don't say if you are using WiFi, Ethernet or both. A decent Draytek box can support both.

Cheers,

DV
The qnap is connected wired, the network uses both. Are you suggesting getting a hardware firewall?
 
The qnap is connected wired, the network uses both. Are you suggesting getting a hardware firewall?
No. My Draytek 2862 router can create VLANs with separate subnets and can connect both wired and WiFi connected stations together. It can create up to 15 VLANs using the 4 Ethernet ports and up to 8 SSIDs!

Here is an introduction https://www.beaming.co.uk/knowledge-base/what-is-a-vlan/

What is your router?

Cheers,

DV
 
Do you mean
https://forum.qnap.com/viewtopic.php?t=151402#p732425
If so I'm not sure how to
change the default gateway config on the QNAP to something else other than the actual default gateways

I think if your QNap unit isn't reachable from the internet, i.e. you don't have inbound ports open on your router then I cant see how the malware could reach it unless it is infected through its contact with the cloud backup or from a machine on the LAN side - so I thought the advice in that forum to scan for any open inbound ports and then disable UPnP if it is found seemed pretty sound. It looks like the actual route of infection isn't understood yet so it's either going to come through an open inbound port or by inadvertently downloading something onto the local network which then gets into the NAS, so just the Qnap best practice recommendations on updating and locking down the Qnap are also worth doing as well as ensuring that there are no inbound ports that can get to the Qnap.
 
No. My Draytek 2862 router can create VLANs with separate subnets and can connect both wired and WiFi connected stations together. It can create up to 15 VLANs using the 4 Ethernet ports and up to 8 SSIDs!

Here is an introduction https://www.beaming.co.uk/knowledge-base/what-is-a-vlan/

What is your router?

Cheers,

DV
I've got a BT router connected to the outside world although I also have an Asus as a switch (connected to the Qnap) and wifi point
 
I think if your QNap unit isn't reachable from the internet, i.e. you don't have inbound ports open on your router then I cant see how the malware could reach it unless it is infected through its contact with the cloud backup or from a machine on the LAN side - so I thought the advice in that forum to scan for any open inbound ports and then disable UPnP if it is found seemed pretty sound. It looks like the actual route of infection isn't understood yet so it's either going to come through an open inbound port or by inadvertently downloading something onto the local network which then gets into the NAS, so just the Qnap best practice recommendations on updating and locking down the Qnap are also worth doing as well as ensuring that there are no inbound ports that can get to the Qnap.
If I can set my sky box to record from outside the network does that mean the router has inbound ports open?
Will try out the steps suggested when i get home.
 
If I can set my sky box to record from outside the network does that mean the router has inbound ports open?
Will try out the steps suggested when i get home.
Hi, don't think so - I believe that comes through the satellite signal.
 
I've got a BT router connected to the outside world although I also have an Asus as a switch (connected to the Qnap) and wifi point
If you mean a HomeHub then no this is just a very basic cheap router and doesn't support VLAN technology. You'd be better off investing in a 'proper' SOHO router. Depending on the model of ASUS you may be lucky check out the manual. My gut feel though is no.

Cheers,

DV
 
Hi, don't think so - I believe that comes through the satellite signal.

But you can do a simple scan for open ports using a tool like this one: https://www.ipfingerprints.com/portscan.php - this will show if you have anything open inbound from the internet
Hi, don't think so - I believe that comes through the satellite signal.

Also if you have a BT home hub, log in as admin and go to advanced settings, then select 'Firewall', and have a look at the settings there - if there are any inbound open ports they will have been configured there.
 
You don't need to worry about vlans (there is physical segregation in this case anyway, and vlans are still vulnerable if the firewall isn't configured correctly).

But I would look into a separate firewall or a router with decent firewall capabilities. Devices like ubiquiti security gateway or a bitdefender box are pretty straightforward to use and give a meaningful boost to security with a low bar for prior knowledge.
 


advertisement


Back
Top