NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Failed logins to my QNAP NAS from my Netgear BE9200
With Armour enabled I am seeing numerous failed login attempts reported by all of my QNAP NAS devices
The problem is bad enough that my QNAPs are blocking the source IP of my router, which is their default gateway!
Has anyone else had this issue?
11 Replies
I have disabled SSH on all of my NAS, hoping my router default gateway will no longer get blocked!
-I will enable SSH if I want to use it, then disable again..
So you think that the SSH feature on the NAS is causing this interaction with Armor if enabled on the RS router?
I had one open for months with Armor disabled, waited for a new firmware,and re-enabled Armor
unfortunately, my email settings on QNAP 'expired' so I got no alerts and believed it was resolved and NetGear closed the case
I discovered the "expiration", fixed it, and was immediately flooded again the next morning (It appears Armor runs the 'scans' just after midnight)
I just wanted to share with the community to both make folks aware and to see if anyone had ideas
I have not opened a new ticket yet, as I am not convinced it will make any difference
Been there,done that.
The issues are:- Why can't Netgear answer definitively?
- Since the issue goes away with Armor disabled, why isn't there an option for me to configure "hands off"?
It is very scary to me that Netgear apparently does not know what the firmware they release for our devices actually does...
You may need to disable Armor while NG takes a close look into this. Something to keep in contact with NG support about.
Do you already have a case #?
RS280 running V1.0.1.90
If protection engine enabled on the RS router? If so, try disabling it and reboot the router and then check your NAS device...
The QNAPs are reporting failed SSH login attempts with several user names like oracle, root, admin, operator, and the source IP of the router.
The issues stop when I disable Netgear Armor
I opened a ticket with Netgear and they would not confirm or deny that Armor intentionally, by design, exhibits this behavior.
I am running the latest firmware for the BE9200 device.
It seems clear to me that either the Armor software itself is attempting these logins or there is a backdoor that 'bad actors' are using.
I find it very odd that the vendor cannot answer the question "Does Armor do this by design?"
The QNAPs are reporting failed SSH login attempts with several user names like oracle, root, admin, operator, and the source IP of the router.
Just guessing, but I am thinking the vulnerability scan built into Armor is attempting those logins. Then the QNAP protection methods kick in.
I think you can remove the QNAPs from the device scan list. Then try a test by enabling ssh again.
Though I don't use Armor myself, so I might be wrong on that.
FYI, you can also report this to BitDefender (who provide the technology to Netgear). Go to https://www.bitdefender.com/consumer/support/help/ and select "How To..." and then "Troubleshooting". You'll be able to select "NETGEAR Armor powered by BitDefender" and then enter a support request.
Which RS### series router is this?
What actual Firmware version is currently loaded?
Would be something to post about in QNAP forums or make contact with there support group regarding help and information for there product.
Which RS series router is this?
What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?Try disabling the following and see:
Armor, Smart Parental Controls or Circle, IPv6, Protection Engine, Traffic Meter.
