NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Why is my Netgear router trying to hack my NAS?
I had this happen with another Netgear router and returned it and got another, but same thing. The router is constantly trying to log into my Synology NAS using usernames like "user" and "admin". I...
Intrusion detection is active for any service active on the Syno (or QNAP, or Asustor, ...) offering or requiring authentication. In this post is -must- be active, despite the OP claims SSH insists only enabled on devices requiring it - however, SSH access attempts are logged.
I was wondering if perhaps sftp or an rsync-over-ssh backup job is configured???
Remains the curiosity, how are there ssh packets reaching the NAS (behind of the NAT router on the LAN), and on which port
I think Armor's device scan is sending the packets and looking for vulnerabilities. So in fact they are coming from the router. But It's not a service I use, so I have no way to confirm.
The usernames it is using to try and get into my NAS with are ones like "vagrant", "root", "mysql", and "andy" (for some weird reason...). The online chat person says it is my NAS blocking the router, which it should, and that I should unblock all those usernames so the router can use them. And then they disconnected the chat.