Go into the Orbi web ui. Select "advanced" at the top, and then select "advanced" again from the side menu.
Select UPnP from the left menu. If "Turn UPnP" is checked, then uncheck it and select "Apply".
Then select Port Forwarding/Port Triggering from the same left menu. See if there is anything forwarded to the NAS. Make sure you click "Port Triggering" after you've checked "Port forwarding".
Did you check the upnp and forwarding/triggering as I suggested?
Also, did you look at the apps you installed on the NAS? Any torrent app could expose you to these attacks, and perhaps others as well.
Blocking all services is a bit extreme. You are blocking both NTP (time synchronization), and check-for-updates. While you could do this as a stop-gap, it would be better to understand what is allowing these attacks in the first place, and close the underlying vulnerability.
It would be best to apply the latest FW to your NAS which has fixes for security vulnerabilities. This will enhance the NAS security also, uPnP lets devices on LAN to discover each other which might be causing for the attack to show up though the NAS is not listed as shown.
If ever you update to the latest FW version 6.10.8, please let us know if you are still getting that message.
Depends for what. First we need to understand that this massive blocking does connect outgoing connections from your LAN, 10.0.0.5 (.4) or whatever the ReadyNAS has) to the outside world. All reports however show connection attempts from the wild Internet -to- some internal system, probably the ReadyNAS, probably a different device with exposed services. Cumbersome is the reports are not very (read: NOT) helpful at all. Sure, of this NAS would be affected by malware, the filter might block it to call home to some CCC system
Doe this vendor providing the Netgear Armor system (or Netgear) realize that these threat information is just scaring, does but help nothing in finding which system on the LAN is affected, which protocol (like tcp) or which service resp. port like http 80, https 443, ssh 22, ... is affected? Incredible! Was this ever tested and reviewed? @Blanca_O@KevinLiT - trigger your Armor PMs.
And then, worse than ever, @Blanca_O@KevinLiT the rputer design does still let even senior users like @StephenB expect this service blocking is a control over incoming connections: It's not! And late 2022, there is still no firewall control on these routers for Internet->LAN (beyond of the basic port forwarding).
The feature potential for these routers and armor would be huge. However, Netgear is still sleeping well, still promoting wonky features ...
