IanWilson (Aspirant), Jan 10, 2015
Can a 314 ReadyNAS get hacked?
I am really worried:
A few days ago I had to have tech support to my brand new 314 ReadyNAS. I was asked for my password by the online tech and left it in tech support mode for 12 hours until the problem (an uninstalled app which broke the OS 6.2.2 web admin dash due to the current firmware bug) was fixed. After, I noticed that several services I had running before had been left on, including the SSH service.
For the last two days my DSL router keeps getting maxed out and falls over especially in the mornings. Its logging is poor and I can't identify the exact culprit but I do know that unplugging the readynas from the network fixes the problem. Also if I firewall the readynas so it can't communicate outbound that helps as well.
Is it possible my NAS is being attacked or hacked? I am on a static WAN IP and have to use that DSL router - I have no choice due to provider.
Any ideas?
I notice since plugging it in the performance screen shows some disc operations and network activity present, yet when disconnected but left turned on the activity falls to nothing. Is it normal for a readynas to have activity when you think nothing on the LAN is using it?
I turned ready cloud, remote, replicate and that SSH off for now.
33 Replies
- mdgm-ntgr (NETGEAR Employee Retired):
Any PC can be hacked, especially if in your router's settings you forward ports for services such as SSH to your NAS.
Our techs usually can fix issues without requiring any port forwarding.
Can you send in your logs?: http://www.readynas.com/kb/faq/misc/how_do_i_send_all_logs
- IanWilson (Aspirant):
I've emailed my log to the address stated as you suggested.
I think I've fixed the problem after hours of tracking it all down. I have made the incorrect assumption that the only thing that changed on the network was the ReadyNAS, which superficially seemed to be the case. Turns out my partner has been using Dropbox and some filesharing software on her laptop which I think has bombarded the router which in turn has fallen over. I reinstated the ReadyNAS on the LAN once shutting the laptop down and all seems okay now.
After tech support had been into my readynas the SSH service was left on and remained on, despite a reboot. I had placed the readynas's IP as the DMZ with the router while the support work was done, but the moment I received the email stating all was well disabled that so that hopefully sealed that hole before the issue occurred anyway.
What should I do with this SSH service? Should it remain enabled or disabled? I am not a techy but am guessing it allows root level access to what must be an underlying Linux system - hence in the wrong hands pretty dangerous stuff.
Should I change my box's password having given it to the online tech support as requested? Surely none of them would misuse it?
- Danthem (NETGEAR Employee Retired):
IanWilson wrote: I've emailed my log to the address stated as you suggested.
I think I've fixed the problem after hours of tracking it all down. I have made the incorrect assumption that the only thing that changed on the network was the ReadyNAS, which superficially seemed to be the case. Turns out my partner has been using Dropbox and some filesharing software on her laptop which I think has bombarded the router which in turn has fallen over. I reinstated the ReadyNAS on the LAN once shutting the laptop down and all seems okay now.
After tech support had been into my readynas the SSH service was left on and remained on, despite a reboot. I had placed the readynas's IP as the DMZ with the router while the support work was done, but the moment I received the email stating all was well disabled that so that hopefully sealed that hole before the issue occurred anyway.
What should I do with this SSH service? Should it remain enabled or disabled? I am not a techy but am guessing it allows root level access to what must be an underlying Linux system - hence in the wrong hands pretty dangerous stuff.
Should I change my box's password having given it to the online tech support as requested? Surely none of them would misuse it?
You can disable SSH if you don't need it, but there's no danger in having it enabled as long as your router is not port forwarding SSH to it and/or you have a strong password.
There wouldn't really be any need to change the password because 1) I strongly doubt anyone of the support staff would do anything with it and 2) If you disabled port forwarding it's not possible to access it anyways.
I don't have access to the mailbox you sent the logs to but since you located the issue I don't think there's anything wrong with your device... Whoever goes through the logs will let you know more.
- IanWilson (Aspirant):
Thanks Danthem,
I have blocked SSH into the ReadyNAS anyway. Does it invalidate my warranty leaving SSH on? I can see with the current firmware issue how leaving it on would be useful!
- Danthem (NETGEAR Employee Retired):
Well, we can put it this way - if you know what you're doing and/or just looking around, SSH is fine. However if you don't know what you're doing and manage to break parts of your system or even brick the complete device, you will be denied support. The average user never needs to use SSH.
As for the bug, SSH is useful but not crucial; booting the device into tech support mode will provide the access required to fix the issue with a missing web interface. The bug only occurs if you uninstall certain apps, so my recommendation for now is to avoid uninstalling any apps until 6.2.3 has been released.
- IanWilson (Aspirant):
Oh, that's okay then, that clears that worry up!
My LAN remains settled thankfully, so hopefully my logs will confirm nothing untoward in terms of network activity from the ReadyNAS after all. It was really weird how taking it off the network seemed to fix the problem initially though.
- IanWilson (Aspirant):
Well, I spoke too soon. I am having problems again with my LAN, the router is being bombarded and is slowing down.
Simple fix, unplug the ReadyNAS from the LAN - fixed. Plug back in and problem returns after 5 mins or so.
Hoping the logs tell the story?
- mdgm-ntgr (NETGEAR Employee Retired):
Looks like the Cloud services on the NAS are failing to start. Perhaps this is what is flooding your router. If you don't need these perhaps try turning these off.
If you do need them you may wish to check that your network settings on the NAS are correct.
- IanWilson (Aspirant):
I have posted more logs to the email address given before by mdgm.
The problem IS clearly the NAS now. Unplug and my LAN works fine, plug in and within 5 mins my LAN is grinding to a halt.
Looking at the performance screen the LAN network adapter (adapter 0) is transmitting up to 100M at times, and it is not clear why as I have stopped all other LAN devices accessing the drive. I hope someone can inspect the networking logs to help work out what is happening here.
LAN setup is: DSL Modem---Apple TC (acting as DHCP router)---Wireless Airport Expresses---ALL LAN Devices.
The LAN has been up and running over 12 months without any issue, with streaming HD material from my old readynas NV and over the net.
It would be impossible to plug the NAS directly into the DSL modem or TC due to placement issues.
- IanWilson (Aspirant):
I've turned all the cloud services off already, wondering if it was these. I've disabled SSH. I cannot turn off HTTP or HTTPS; it won't let me deselect the tick box. So the only services running are SMB, UPnP, HTTP, HTTPS.
The network settings are DHCP and I set the DHCP server to send out 192.168.0.200. The ReadyNAS is populating IP, subnet mask, router, and DNS's with the correct information - MTU set at 1500, so all the networking settings look correct as well.
My DSL modem is poor and I can't work out an easy way to see if information is being sent out over the internet by the readynas. I can certainly see that with the readynas plugged into the LAN there is a lot of light blinking on the back of the DSL modem, yet if I unplug the light blinking is very infrequent - as it usually was before attaching the readynas. Is there any other reason the readynas will be "attacking" the DSL modem in this way?
I am really confused, especially as I have run an older readynas on exactly the same settings without a problem for 12 months !
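For the question raised earlier in this thread, whether anyone got in while the NAS sat in the router's DMZ with SSH enabled, the SSH login records are the place to look. The following is an added example, not part of any post and not NETGEAR tooling: it sorts sshd log lines into LAN and outside sources. The log lines are constructed, and the 192.168.0.0/24 LAN range is an assumption based on the 192.168.0.200 address mentioned above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the standard OpenSSH sshd syslog format.
# Hostname, addresses and timestamps are made up for illustration.
SAMPLE_LOG = """\
Jan  8 09:14:02 nas sshd[2101]: Accepted password for root from 192.168.0.23 port 50112 ssh2
Jan  8 21:40:17 nas sshd[2333]: Failed password for root from 203.0.113.77 port 41022 ssh2
Jan  8 21:40:19 nas sshd[2333]: Failed password for root from 203.0.113.77 port 41022 ssh2
Jan  8 21:40:25 nas sshd[2340]: Failed password for invalid user admin from 203.0.113.77 port 41090 ssh2
Jan  8 23:02:51 nas sshd[2417]: Accepted password for root from 198.51.100.9 port 60233 ssh2
Jan  9 07:30:00 nas sshd[2502]: Failed password for root from 192.168.0.23 port 50400 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumed LAN range; only 192.168.0.200 is stated in the thread.
LAN = ipaddress.ip_network("192.168.0.0/24")

def review_ssh_log(text, lan=LAN):
    """Return (external_accepted, external_failed_counts, lan_events)."""
    accepted, failed, lan_events = [], Counter(), 0
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage where an address should be
        if ip in lan:
            lan_events += 1
        elif m["result"] == "Accepted":
            accepted.append((m["user"], str(ip)))
        else:
            failed[str(ip)] += 1
    return accepted, failed, lan_events

if __name__ == "__main__":
    ok, bad, local = review_ssh_log(SAMPLE_LOG)
    print("successful logins from outside the LAN:", ok)
    print("failed attempts by outside source:", dict(bad))
    print("events from LAN addresses:", local)
```

A successful login from an outside address is only expected during the support session itself, so any such entry should be matched against the time and source of that session; anything else is a reason to change the password and review the device.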