- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Brute force password attack originating from RBR50
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I run a FreeNAS server on my home network and it alerted me that overnight there were over 800 ssh failed login attempts in a matter of a few seconds. Reviewing the logs it was clearly a brute force attack because the usernames being attempted were the obvious ones like root, admin, blank, etc. The source IP was my RBR50 at 192.168.1.1. I have no ports open to the public internet (even after a scan from https://www.whatismyip.com/port-scanner/), so I have no idea how this traffic was coming in.
Regardless of how it got in, I feel like armor/bitdefender advertise that it protects against brute force attacks. Am I incorrect about this and should Armor have stopped this and notified me?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have Netgear Armor enabled, you're likely to see something like this occur once per week around the same time. This is one of the features of Armor, vulnerability scanning.
So if your freeNAS box reported the Orbi, it's likely what's going on.
---
@mschmid4 wrote:I run a FreeNAS server on my home network and it alerted me that overnight there were over 800 ssh failed login attempts in a matter of a few seconds. Reviewing the logs it was clearly a brute force attack because the usernames being attempted were the obvious ones like root, admin, blank, etc. The source IP was my RBR50 at 192.168.1.1. I have no ports open to the public internet (even after a scan from https://www.whatismyip.com/port-scanner/), so I have no idea how this traffic was coming in.
Regardless of how it got in, I feel like armor/bitdefender advertise that it protects against brute force attacks. Am I incorrect about this and should Armor have stopped this and notified me?
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have Netgear Armor enabled, you're likely to see something like this occur once per week around the same time. This is one of the features of Armor, vulnerability scanning.
So if your freeNAS box reported the Orbi, it's likely what's going on.
---
@mschmid4 wrote:I run a FreeNAS server on my home network and it alerted me that overnight there were over 800 ssh failed login attempts in a matter of a few seconds. Reviewing the logs it was clearly a brute force attack because the usernames being attempted were the obvious ones like root, admin, blank, etc. The source IP was my RBR50 at 192.168.1.1. I have no ports open to the public internet (even after a scan from https://www.whatismyip.com/port-scanner/), so I have no idea how this traffic was coming in.
Regardless of how it got in, I feel like armor/bitdefender advertise that it protects against brute force attacks. Am I incorrect about this and should Armor have stopped this and notified me?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Brute force password attack originating from RBR50
That is exactly what happened, thank you so much for the response. And I am no longer concerned about how someone got into my network, I have been changing all my passwords and hardening everything up!
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more