NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Why is my Netgear router trying to hack my NAS?
I had this happen with another Netgear router and returned it and got another, but same thing. The router is constantly trying to log into my Synology NAS using usernames like "user" and "admin". I figured the first router was compromised, but I guess this vulnerability is in all their routers now?
I'm getting dozens of warnings from my NAS daily and it keeps blocking my router as a suspicious device. I tried contacting Netgear but never got anything but an automated response.
"The IP address [192.168.1.1] experienced 10 failed attempts when attempting to log in to SSH running on Synology418play within 5 minutes and was blocked..."
11 Replies
The usernames it is using to try and get into my NAS with are ones like "vagrant", "root", "mysql", and "andy" (for some weird reason...). The online chat person says it is my NAS blocking the router, which it should, and that I should unblock all those usernames so the router can use them. And then they disconnected the chat.
The wonderful effects when some devices on the LAN are allowed to configure NAT port forwarding by UPnP. Beyond of what StephenB asked before, allow some more questions:
Or do you have intentionally configured a port forwarding for ssh (Port 22/tcp) on the router?
Does your router show the public IP address on the WAN port (Internet side), or is there another device like an Internet provider router doing NAT in front of the unspecified Netgear router - this is the typical dual NAT issue....
The router has no port forwarding set up at all so far, it's still at the defaults except for passwords. The router shows NAT forwarding as secured. I still don't understand how that would cause the router to try attempting to access my devices through SSH. This didn't happen with my ASUS router.
"The IP address [192.168.1.1] experienced 10 failed attempts when attempting to log in to SSH running on Synology418play within 5 minutes and was blocked..."The usernames it is using to try and get into my NAS with are ones like "vagrant", "root", "mysql", and "andy"
What model router are you using, and what firmware is it running?
Are you seeing any attempts to log into other devices on your network?
Is Armor enabled on the router?
Nighthawk Tri-Band WiFi 7 model RS280S. Firmware: 1.0.5.22. I have SSH disabled on most of my other devices except a couple game servers and I see the same attempts on those. Everything is defaults and it looks like Armor was enabled when I set up the router.
