Security Alert

RonLuxton
Tutor

Security Alert

My Netgear ReadyNAS NV+ has just posted me an email alert which looks ominous but which I don't understand.
The unit has been working perfectly and nothing has happened to suggest problems. Is this a warning of infection ?

Any help in decoding this, or explaining what it means and what action I should take will be greatly appreciated.

The message is:

UDP Packet - Source:69.192.2.140,3478 Destination:83.217.167.173,58121 - [DOS]
UDP Packet - Source:195.59.54.108,3478 Destination:83.217.167.173,58121 - [DOS]
UDP Packet - Source:213.248.117.215,3478 Destination:83.217.167.173,58121 - [DOS]
UDP Packet - Source:69.192.2.140,3478 Destination:83.217.167.173,58121 - [DOS]
UDP Packet - Source:213.248.117.215,3478 Destination:83.217.167.173,58121 - [DOS]
UDP Packet - Source:69.175.73.5,5069 Destination:83.217.167.173,5071 - [DOS]

RonLuxton
Message 1 of 4
kossboss
Guide

Re: Security Alert

Is the destination IP of these packets the NAS? If so, you can set up a firewall in between the NAS and the rest of the network.

Try changing the IP of your NAS and see if it still occurs.

I assume you have the NAS in a regular network, so you're using NAT.

I recommend having a firewall in your network that can protect you from DOS attacks.
Message 2 of 4
StephenB
Guru

Re: Security Alert

Hi Ron

If the NAS has a public IP address of 83.217.167.173, then I agree with kossboss.

If the NAS is behind a NAT router (the usual case), then destination ports 58121 and 5071 are being forwarded by your router to the NAS:
(a) perhaps you have set up rules to forward them. In this case, if the service you are using doesn't need UDP, you can change the router rules to forward TCP only.
If it does need UDP, then there isn't much you can do.

(b) perhaps the router is doing this automatically. If this is happening, then either you have an application on the NAS that is opening these ports - either through a service called UPNP, or by simply creating an outbound connection using that port. What add-ons do you have installed?

In case (b) - be advised that there is a massive security issue with upnp that was uncovered a couple weeks ago. Details are here: https://community.rapid7.com/community/ ... -dont-play Several people (including rapid7) are saying that you should turn off upnp services for now, and explicitly forward ports instead. The link includes a tool which will tell you if you have the vulnerability or not.
Message 3 of 4
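Added example, not part of any post in this thread: a short Python script that parses the alert text from the first message and groups the entries by destination port, which gives the list of router forwards (manual or UPnP) to look for as described in the reply above. The function names are hypothetical, and the generic protocol match is an assumption, since the thread only shows UDP entries.

```python
import re
from collections import defaultdict

# Alert text copied from the first post (entries run together, " - " between them).
ALERT = (
    "UDP Packet - Source:69.192.2.140,3478 Destination:83.217.167.173,58121 - [DOS] - "
    "UDP Packet - Source:195.59.54.108,3478 Destination:83.217.167.173,58121 - [DOS] - "
    "UDP Packet - Source:213.248.117.215,3478 Destination:83.217.167.173,58121 - [DOS] - "
    "UDP Packet - Source:69.192.2.140,3478 Destination:83.217.167.173,58121 - [DOS] - "
    "UDP Packet - Source:213.248.117.215,3478 Destination:83.217.167.173,58121 - [DOS] - "
    "UDP Packet - Source:69.175.73.5,5069 Destination:83.217.167.173,5071 - [DOS]"
)

# One entry: "<proto> Packet - Source:<ip>,<port> Destination:<ip>,<port> - [<tag>]"
# Assumption: protocol and tag are matched generically; the thread shows only UDP/DOS.
ENTRY = re.compile(
    r"(?P<proto>\w+) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<tag>\w+)\]"
)

def parse_alert(text):
    """Return one dict per log entry, with ports converted to int."""
    entries = []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        entries.append(e)
    return entries

def forwards_to_check(entries):
    """Group by (proto, destination IP, destination port).

    Each key is an inbound port that something on the LAN side must be
    receiving, so it is a forward to look for in the router's rules.
    """
    grouped = defaultdict(lambda: {"hits": 0, "sources": set()})
    for e in entries:
        g = grouped[(e["proto"], e["dst"], e["dport"])]
        g["hits"] += 1
        g["sources"].add(f'{e["src"]}:{e["sport"]}')
    return {k: {"hits": v["hits"], "sources": sorted(v["sources"])}
            for k, v in grouped.items()}

if __name__ == "__main__":
    for (proto, dst, dport), info in forwards_to_check(parse_alert(ALERT)).items():
        print(f"{proto} {dst}:{dport}  hits={info['hits']}  from {info['sources']}")
```
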
RonLuxton
Tutor

Re: Security Alert

Kossboss and StephenB

Thanks for your help and suggestions.

I am still at a loss to understand why I am getting these strange messages (from "Me" to "Me"!). I have run my antivirus scans through everything on my NAS, 2 PCs, laptop and Transformer tablet, which identified just a couple of doubtful, elderly downloads (eBay) which I have removed. I have tracked the source of most of these files, which come from AKAMAI TECHNOLOGIES INC, who have sites all around the world. Apparently this is their business - transmitting traffic for their clients.

I have searched the setup of my NAS and, as I am the sole user, using it only for handling my own personal documents, files etc., it is set up for TCP but nothing else. I have been setting up and installing "apps" on my Asus Transformer (Android) and it started me thinking that maybe these messages are NOT coming from the NAS at all, but from something on the Android? (I am not yet very conversant with this system.) My NAS has never been able to send warnings to me directly through my ISP, so I have a web-based ISP as a backup for this purpose and as a backup against failure of my main ISP, which works well. As the messages appear to come from me, addressed to me using my main ISP's address in both instances, this may suggest that the NAS is not the culprit at all!

I have gone through all the settings on my wired and wireless routers, which show nothing untoward and - would you believe it? - I haven't had one of these messages since! I have firewalls set up on all of my devices, and the routers, wired and wireless, have their securities set up. I'm not sure if I need or know how to set up a separate firewall for the NAS and would appreciate advice on that.

As this "infestation" seems to have ceased I have decided to just wait and watch for the next few weeks, and to become more familiar with my Android, in the hope that it will all go away and that it was after all, not coming from the NAS.

In the meantime, I appreciate your interest and help.

Ron Luxton
Message 4 of 4