IanWilson
Jan 10, 2015 Aspirant
Can a 314 ReadyNAS get hacked?
I am really worried: A few days ago I had to have tech support to my brand new 314 ReadyNAS. I was asked for my password by the online tech and left it in tech support mode for 12 hours until the ...
IanWilson
Jan 13, 2015 Aspirant
I must stress the error of my ways:
I had need to set my NAS to tech support mode. Thinking I was being helpful, I set my router's DMZ feature to point at the NAS, thereby dropping the firewall protecting the NAS. My thought process was I didn't want anything to obstruct the tech support staff from doing their job. I presume that at some point in the process of engaging the tech support mode, the box reverts its password back to the default - and there you go, open access via SSH with the known default password. My only query and surprise: how did someone know which WAN IP address to target? My address is static but we have only had it 6 weeks total since our service provider changed a batch over apparently.
I admit I am a complete idiot - but only through a lack of understanding. If I'd known that access was fine without any port forwarding for sure, I probably wouldn't have ever dropped the firewall.
The main thing that made me realise there was something amiss was on the admin dashboard. The performance screen showed a lot of network activity (mainly Tx) onto the LAN from the ReadyNAS when no device was accessing it on the LAN. My router kept falling over and the LAN was unusable. Unplugging the NAS fixed the problem each time. My suspicions it was the NAS grew.
I must say a big big thank you to mdgm who has helped get to the bottom of the issue and has helped by having someone inspect my logs. I'm not a complete newbie to these things but I am not an IT professional and I would have been a bit stuck without his invaluable help.
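The post above describes password SSH access reaching the NAS from the internet and logs being inspected afterwards. As an added example (not part of the original post and not NETGEAR code), this script reviews sshd log text for password logins from outside the LAN. It assumes standard OpenSSH log messages and a LAN subnet of 192.168.1.0/24; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the home LAN subnet; change this to match your own network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Standard OpenSSH sshd messages for password authentication results.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation addresses, not from the post).
SAMPLE_LOG = """\
Jan 10 02:11:03 nas sshd[2101]: Failed password for root from 203.0.113.45 port 40112 ssh2
Jan 10 02:11:05 nas sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40113 ssh2
Jan 10 02:11:09 nas sshd[2104]: Accepted password for root from 203.0.113.45 port 40120 ssh2
Jan 10 09:30:41 nas sshd[2250]: Accepted password for root from 192.168.1.20 port 51514 ssh2
Jan 10 11:02:17 nas sshd[2307]: Failed password for root from 198.51.100.7 port 33001 ssh2
"""


def review_ssh_log(text, lan=LAN):
    """Return (successful logins from outside the LAN, failed counts per outside IP)."""
    external_logins = []
    failed = Counter()
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # hostname or malformed address: skip it
        if ip in lan:
            continue  # LAN clients are expected
        if m.group("result") == "Accepted":
            external_logins.append((m.group("user"), str(ip)))
        else:
            failed[str(ip)] += 1
    return external_logins, dict(failed)


if __name__ == "__main__":
    logins, failures = review_ssh_log(SAMPLE_LOG)
    for user, ip in logins:
        print(f"Password login as {user} from outside the LAN: {ip}")
    for ip, count in failures.items():
        print(f"{count} failed password attempt(s) from {ip}")
```

Any entry in the first list means a password login succeeded from outside the LAN and should be checked against known support sessions.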