Jump to content
XPEnology Community

[SOLVED] Network Security - DS Finder Alerts


MHS

Recommended Posts

Hello,

 

I am running Trantor's XPEnology DS3612xs DSM 4.3 build 3810++ (repack v1.0) on the stock HP N54L (Gen7) ProLiant MicroServer and I have been experiencing some strange behavior on my home network with DS Finder and wondered if one of you might be able to tell me what's going on.

 

A short while ago Synology's DS Finder on my phone notified me in french:

 

Ládresse IP [201.238.###.##] de XPEnology a ete bloquee par SSH

 

Shortly after this I blocked the above IP and then recieved this message:

 

NAS_Maxime experienced an improper shutdown

 

Then another message in french:

 

Batteries faibles de lónduleur connecte a SynoStation

 

I don't speak french but can make out just fine what's being said, my box is also not called NAS_Maxime and the IP range is very different from my home network's. I don't have any 3rd party packages installed either.

 

My box also shows two recent logs after the IP was blocked:

 

External disk [uSB Disk 2 Partition 1] is ejected.

External disk [uSB Disk 2] is mounted and shared folder [usbshare2] is exported

 

There is no second USB Disk attached to the NAS.

 

I did some cursory Google searches but found no information to help me understand what's going on.

I'm a bit baffled as to why this cross-talk is happening.

Edited by Guest
Link to comment
Share on other sites

I have seen the same behavior on mine from same/similar address and others

 

something about ssh login attempt failed

 

I checked logs and did not find anything, doesn't mean something is not going on

 

it could be because of identical serial numbers or Mac address

I will change my macs to match my system as well as the serial number and see what happens

Link to comment
Share on other sites

I was looking around and people trying hack into synology ssh is a commonh thing, based on what I read at the synology forums, me personally going to change the default ssh port to something else

here is how

 

> /usr/syno/etc.defaults/rc.d/S95sshd.sh stop

> vi /etc/ssh/sshd_config

> /usr/syno/etc.defaults/rc.d/S95sshd.sh start

 

When editing the sshd_config change the line #Port 22 to Port 10022 or some other port number.

Link to comment
Share on other sites

Do you have connected xpentoligy n54l direct to the internet with no router or firewall?

Or do you have Port forwarding on your Firewall/Router activated. Normaly Ssh is blocked by

the Internet Router so you cannot connect to your Server ??

 

I am very interested in your case because i am not sure how secure xpenelogy is ....

I hope there are no backoors in the System ???

Link to comment
Share on other sites

Trust me, you change serial and problems are gone. No back door and no one try to "hack" your XPEnology.

 

Because, your XPEnology used 'universal' serial. Therefore when DS Finder connect to Synology's server it will receive alerts from another XPEnology that use the same serial with yours.

 

Guide to change serial is here: viewtopic.php?f=2&t=1353

Link to comment
Share on other sites

Changing the serial/MAC and the SSH config does the trick.

Thank you for your help neonflx and DHD!

Hey, Thanks for this thread...I was also trying to find out a solution for this...I changed the serial # and Mac Address, However I am still getting SSH logs like this -

 

Warning Connection 2013/12/10 04:54:11 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:54:09 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:54:07 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:54:04 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:54:01 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:53:59 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:53:55 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:53:53 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

Warning Connection 2013/12/10 04:53:51 SYSTEM User [root] from [198.13.110.108] failed to log in via [sSH] due to authorization failure.

 

Now I suspect it is coming because of my dyndns....I am using dyndns and NO-IP....Any thoughts ? Is your problem completely solved ?? I still have to see if I get any msgs on my DSFinder....

 

 

Update :: Take my words back for now...As I haven't seen any such activity since yesterday...I'll keep an eye and will report further...Tx

Link to comment
Share on other sites

×
×
  • Create New...