Advisor
Ron_KK1L
Posts: 27
Registered: ‎10-13-2011
0

PCAnywhere login attempts/attack...

Folks,

 

I just noticed a Chinese IP range (222.177.23.112) coming in on my port 22 accessing my MyBookLive. I caught it right away (by luck) and forwarded all access from 222.x.x.x to an invalid local IP address. At that point the attempts stopped pretty quickly. I was a bit concerned by this and thought I would see if others might have seen such activity! I do have FeaturePacks installed from highlevelbits.free.fr. 

 

Ron, KK1L

Honored Contributor
TonyPh12345
Posts: 23,139
Registered: ‎01-11-2010
0

Re: PCAnywhere login attempts/attack...

Of course!

 

*ANY* time you expose a port on your router to an internal service, there will be exploit attempts on it.

 

Get used to it, and make darn sure your security stance is rock solid...

 

===Live SMP / Live Hub x2 / Live+ / Live x2 / 24 TBytes of QNAP + WD NAS ===
Advisor
Ron_KK1L
Posts: 27
Registered: ‎10-13-2011
0

Re: PCAnywhere login attempts/attack...

Yeah that's right Tony. Digging deeper I see that pretty clearly. They are likely ssh access attempts (not PCAnywhere which does not make sense against a unix variant) using a variety of default uid/pw combos. Nothing open to ssh are simple pw protected on my network. Wallwatcher is showing me all kinds of prowling activity on that port...mostly the NAS and my SIP router. I am not sure why the WRT54GL is not attempted so much.

 

Nonetheless going back to business as usual mode. No access granted <grin>
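
Added example, not part of any post in this thread: a small Python check over sshd authentication log lines that groups failed logins by source address, flags sources cycling through many account names (the default uid/pw guessing described above), and confirms whether any flagged source ever logged in successfully. The log lines are constructed samples in OpenSSH's standard message format using documentation IP ranges, and the `min_users` threshold of 3 is an assumption to tune.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's auth-log format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 12 03:14:01 nas sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 12 03:14:03 nas sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 12 03:14:05 nas sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Jan 12 03:14:08 nas sshd[2107]: Failed password for invalid user guest from 203.0.113.7 port 40150 ssh2
Jan 12 08:30:12 nas sshd[2290]: Failed password for ron from 192.0.2.10 port 51000 ssh2
Jan 12 08:30:20 nas sshd[2290]: Accepted password for ron from 192.0.2.10 port 51000 ssh2
Jan 12 09:02:44 nas sshd[2311]: Failed password for root from 198.51.100.23 port 33310 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize(log_text):
    """Per source IP: failure count, distinct usernames tried, accepted logins."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        entry = stats[m["ip"]]
        if m["result"] == "Failed":
            entry["failures"] += 1
            entry["users"].add(m["user"])
        else:
            entry["accepted"].append(m["user"])
    return dict(stats)

def guessing_sources(stats, min_users=3):
    """Sources that tried at least min_users different account names (assumed threshold)."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

def compromised_sources(stats, min_users=3):
    """Guessing sources that also obtained a successful login: these need response."""
    return [ip for ip in guessing_sources(stats, min_users) if stats[ip]["accepted"]]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in guessing_sources(stats):
        s = stats[ip]
        print(ip, s["failures"], "failures, users:", sorted(s["users"]))
    print("guessing sources with a successful login:", compromised_sources(stats))
```

An empty result from `compromised_sources` is the evidence behind a "no access granted" conclusion; a single mistyped password followed by a success from a known address, as in the `192.0.2.10` sample, is not flagged.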

Honored Contributor
Myron
Posts: 1,643
Registered: ‎05-01-2011
0

Re: PCAnywhere login attempts/attack...

Why have you put your MBL onto the Router's DMZ?

 

About feature packs. If you ever find you have to install an official MyBook Live firmware update you could end up with a bricked MBL. As long as you're aware. :smileywink:


Ron_KK1L wrote:

Folks,

 

I just noticed a Chinese IP range (222.177.23.112) coming in on my port 22 accessing my MyBookLive. I caught it right away (by luck) and forwarded all access from 222.x.x.x to an invalid local IP address. At that point the attempts stopped pretty quickly. I was a bit concerned by this and thought I would see if others might have seen such activity! I do have FeaturePacks installed from highlevelbits.free.fr. 

 

Ron, KK1L




Advisor
Ron_KK1L
Posts: 27
Registered: ‎10-13-2011
0

Re: PCAnywhere login attempts/attack...

Hi Myron.

 

The NAS is not in the DMZ, but 22 forwarded. I could change the incoming port to something different to prevent that I guess. As long as I know the port it is all that matters :smileyhappy: Only my SIP router is in the DMZ (the VoIP folks can get at it easily and QoS is not an issue). That is not absolutely necessary and I might go back to forwarding the right ports and putting it on the GS116E switch with 802.1P to manage it.

 

I have ssh open on the NAS and just recovered from a bricked GUI by doing a firmware update. You were a principal in that thread (...Cannot access the dashboard...)
