

QNAP NAS’s - malware attack.

Blocking incoming connections won’t do anything to help or secure things.

Creating VLANs won’t do anything to help or secure things.

Huh? My QNAP is not visible to the internet, I am running no services on it that require it to do so. I am not blocking anything to the QNAP per se, I just have a zero trust policy and ensure whatever internet access router I have only allows in>out initiated connections. Zero incoming UDP/TCP allowed, default drop rule first in my list :)

I think you need to qualify your statement? :)
 
If your QNAP is infected then it will dial out to the Malware Command and Control Server, any related inbound connections will then be allowed through your Firewall - otherwise you'd be unable to do stuff like surf the web.

Unsolicited inbound connections will be blocked. Solicited connections will be allowed out and then there is a path back into your network.

How likely you are to get the infection onto the QNAP is an unknown, in your case highly unlikely, but not impossible.

Gus
 
Huh? My QNAP is not visible to the internet, I am running no services on it that require it to do so. I am not blocking anything to the QNAP per se, I just have a zero trust policy and ensure whatever internet access router I have only allows in>out initiated connections. Zero incoming UDP/TCP allowed, default drop rule first in my list :)

I think you need to qualify your statement? :)

I suggest you pcap your NAS and you'll see it's making outbound connections to things you didn't expect. Having a rule that blocks incoming traffic is OK but it doesn't stop your NAS making outbound connections.

I'm using a Palo Alto firewall at home and here's a screenshot of my outbound NAS traffic with GitHub as an example:

49034679686_e91b53a5ec_b.jpg
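
Added example, not part of any poster's message: one way to act on the "pcap your NAS" suggestion is to list the connections the NAS itself opens (the in>out traffic a default-drop inbound rule still permits) and flag destinations you did not expect. The NAS address, LAN range, expected network and capture lines are all constructed assumptions; the input format is `tcpdump -nn -tt` text output.

```python
import ipaddress
import re
from collections import Counter

NAS_IP = "192.168.1.50"                      # assumption: the NAS's LAN address
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the home LAN
# Assumption: networks the owner expects the NAS to contact (constructed value).
EXPECTED = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample of `tcpdump -nn -tt` output, documentation-range addresses only.
SAMPLE = """\
1700000000.000001 IP 192.168.1.50.51234 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
1700000000.020000 IP 203.0.113.10.443 > 192.168.1.50.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
1700000001.000000 IP 192.168.1.50.51300 > 198.51.100.7.8080: Flags [S], seq 5, win 64240, length 0
1700000001.030000 IP 198.51.100.7.8080 > 192.168.1.50.51300: Flags [S.], seq 3, ack 6, win 65535, length 0
1700000002.000000 IP 192.168.1.50.51301 > 198.51.100.7.8080: Flags [S], seq 7, win 64240, length 0
1700000003.000000 IP 192.168.1.20.40000 > 192.168.1.50.445: Flags [S], seq 8, win 64240, length 0
1700000004.000000 IP 192.168.1.50.51400 > 192.168.1.1.53: Flags [S], seq 4, win 64240, length 0
"""

LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def nas_initiated(capture, nas_ip=NAS_IP):
    """Count connections the NAS opened: bare SYN (no ACK) sourced from the NAS."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and m["src"] == nas_ip and m["flags"] == "S":
            counts[(m["dst"], int(m["dport"]))] += 1
    return counts

def unexpected(counts, lan=LAN, expected=EXPECTED):
    """Keep destinations outside the LAN that are not in the expected networks."""
    out = {}
    for (dst, port), n in counts.items():
        addr = ipaddress.ip_address(dst)
        if addr in lan or any(addr in net for net in expected):
            continue
        out[(dst, port)] = n
    return out

if __name__ == "__main__":
    for (dst, port), n in sorted(unexpected(nas_initiated(SAMPLE)).items()):
        print(f"unexpected outbound from NAS: {dst}:{port} ({n} connection attempts)")
```

The replies to those SYNs (`[S.]`) are exactly the solicited return traffic a stateful firewall lets back in, which is why the review has to happen on the outbound side.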
 

