[[SOLVED] HP Proliant N40L MicroServer native support]

I've built a few boxes using N54Ls and so far they are working great!

 

However, I was just sent this link and I thought I should share:

http://www.wilderssecurity.com/showt...19#post2238519

 

Well , if anything looks to good to be true...

 

A few weeks ago I surfed past this site -http://www.xpenology.com-. I had an old WHS lying around, and well I like to tweak computers , so I gave it a try.

After some tweaking I found my old WHS was running as a real Synology NAS ;D ;D ;D ...

Nicely done I thought.....:gack:

 

Well you guys probably allready know where this is going...

It turned out I installed A gaping backdoor on to my network, and they got in....

 

I have no idea how long they have been looking around or what they did, but it scares me.

 

Pretty scary IF it's true but that's a big IF. This guy goes not say which build he's used. I've tried to get to the xpenology site to see if anything was posted there but it seems to be down.

 

Although it's pretty unlikely this is true, I thought that I should investigate/post all the same. I've checked my own firewall monitors for the last week. My two newest SynoloHacs x.x.x.190 and x.x.x.180 are not making may calls to the outside world. I would have expected more traffic if there was a problem but I've not yet tracked down all the places it's tried to reach.

 

x.x.x.180 api.github.com https 443 TCP Default 355.71 KB <1%

x.x.x.180 91-121-40-14.ovh.net http 80 TCP Default 108.19 KB <1%

x.x.x.180 hermes.10trum.de http 80 TCP Default 88.64 KB <1%

x.x.x.180 60-251-87-136.hinet-ip.hinet.net https 443 TCP Default 28.75 KB <1%

x.x.x.180 vserver49.axc.nl http 80 TCP Default 15.63 KB <1%

x.x.x.180 lvps5-35-244-237.dedicated.hosteurope.de http 80 TCP Default 13.27 KB <1%

x.x.x.180 wa3.rzone.de http 80 TCP Default 12.34 KB <1%

x.x.x.180 546bcd0c.cm-12-4d.dynamic.ziggo.nl http 80 TCP Default 9.88 KB <1%

x.x.x.180 192.30.252.137 https 443 TCP Default 9.45 KB <1%

x.x.x.180 imu307.infomaniak.ch http 80 TCP Default 8.48 KB <1%

x.x.x.180 ns395541.ovh.net http 80 TCP Default 1.47 KB <1%

 

github seems ok... prob an update check

91-121-40-14.ovh.net... synocommunity

hermes.10trum.de... ?

60-251-87-136.hinet-ip.hinet.net.. ?

vserver49.axc.nl.. ?

lvps5-35-244-237.dedicated.hosteurope.de.. Pantofflhelden?

wa3.rzone.de..?

546bcd0c.cm-12-4d.dynamic.ziggo.nl.. ?

https://192.30.252.137/..?

imu307.infomaniak.ch..?

ns395541.ovh.net... Wombles NZB index

 

the other box (190)

 

x.x.x.190 31-6-72-106.the.ccsleeds.co.uk https 443 TCP Default 1.57 MB <1%

x.x.x.190 91-121-40-14.ovh.net http 80 TCP Default 476.93 KB <1%

x.x.x.190 api.github.com https 443 TCP Default 226.82 KB <1%

x.x.x.190 hermes.10trum.de http 80 TCP Default 94.03 KB <1%

x.x.x.190 60-251-87-136.hinet-ip.hinet.net https 443 TCP Default 29.44 KB <1%

x.x.x.190 52493be6.cm-4-2a.dynamic.ziggo.nl http 80 TCP Default 8.19 KB <1%

x.x.x.190 192.30.252.139 https 443 TCP Default 8.17 KB <1%

x.x.x.190 ns395541.ovh.net http 80 TCP Default 4.31 KB <1%

x.x.x.190 199.27.76.133 http 80 TCP Default 2.49 KB <1%

x.x.x.190 103.245.223.196 http 80 TCP Default 2.39 KB <1%

 

31-6-72-106.the.ccsleeds.co.uk... Synology cloud service

91-121-40-14.ovh.net.. Syno Community

api.github.com... git

hermes.10trum.de... ?

60-251-87-136.hinet-ip.hinet.net..?

52493be6.cm-4-2a.dynamic.ziggo.nl..?

192.30.252.13.. ?

ns395541.ovh.net... Wombles NZB index

199.27.76.133.. github

103.245.223.196.. github

 

Chris

 

Someone else allready checked this ? i just build a new box and want to run DSM but if this is true i'm gonna run something else.