NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Port scanning on 22
Has anyone else ever seen a ReadyNAS device port scanning on port 22? My network administer shut down access to our NAS because of this kind of scanning on tcp/22. He's assuming the device is compr...
Well, I have a good knowledge of Linux, but my knowledge of the ReadyNAS modifications to the base Debian is quite limited.
As far as I know, NAS have a flash and it can be accessed while the NAS is running because when we update the flash is also updated too. There is also some kind of sqlite database that handles some things (don't know what they are) and of course there are a few commands that are added (rn_shutdown for example), some configuration files are also changed (and placed elsewhere) and of course unused packages are deleted and packages essential for server are added. Past that, I'm guessing. I considered that if flash is writeable, then it can host the worm. That said, not many devices have flash so it would make more sense to have a worm that can infect the maximum number of machines.
As far as I know, NAS have a flash and it can be accessed while the NAS is running because when we update the flash is also updated too. There is also some kind of sqlite database that handles some things (don't know what they are) and of course there are a few commands that are added (rn_shutdown for example), some configuration files are also changed (and placed elsewhere) and of course unused packages are deleted and packages essential for server are added. Past that, I'm guessing. I considered that if flash is writeable, then it can host the worm. That said, not many devices have flash so it would make more sense to have a worm that can infect the maximum number of machines.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
