WD Community

Disturbing news about MBL has me wondering

@NAS_user

thanks for pointing that out, I see it. there are other fields as well which are filled:

IP Address
Subnet Mask
Gateway IP Address
DNS Server1

am I only clearing DNS Server1, or everything except for IP Address ?

it’s interesting you set up DHCP on the NAS, maybe I should do that as well. My router is setting the IP (static) but I also have static with the same IP on the NAS.

DNS server is so the NAS can phone home :wink:

The “idea” is to assign static at the NAS; and you clear the “gateway address”; so the NAS has no idea where to find the “Gateway” to the internet. If you are using DHCP. . .the IP address and gateway address are given to the NAS from the Router.


You set up static on the router. . .and static on the NAS. . . .if they are the SAME. . . NBD.

If you set them up different. . . .I have no idea what happens. I suspect the NAS will ignore the assignment from the router. . .which might be problematic if the Router can assign the address the NAS wants to use to another device.

I went this way when I went through a brief period of moving the NAS around between two different routers. . . The routers were behind different ISPs. . .which was ok. . .but when I started VPN’ing from a Machine on Router “A” to access a NAS on Router “B”. . . .having both routers operating on the same subnet became confusing. So I wound up using two different subnets. Once I did that. . .I then assigned a static IP for the NAS on EACH router. . . unique. . . .then I was no longer confused. (except if I tried to access a NAS on Router “A”. . .when the stupid thing was physically wired into router “B” :slight_smile:)

i see, thanks for the explanation @NAS_user

tried it to see what happens, clearing out both gateway and dns … but when the nas was working on the change (“Updating” message on dashboard), i decided to refresh and it came back to the same settings as before, so this change did not stick.

while this was going on it occurred to me maybe it’s not a good idea … no IP address specified for the NAS to communicate with the Router ? I could be wrong, wouldn’t this break my access to the NAS ?

the NAS is plugged into the Router serving my home, not directly to a computer.

currently on a desktop machine that doesn’t have VPN installed . . .so I can’t check everything out.

I misspoke. The DNS server (i.e. 8.8.8.8) is where the computer looks to match names like amazon.com or foxnews.com to a proper IP address in xxx.xx.xx.xx format.

So the trick here is “IP address” being assigned as static. . . and the “gateway” field being blank. The only thing you have to make sure is that the IP address is within the assigned working range of IP addresses configured on the router. (In other words, if you assign 192.168.0.100 to the NAS; and your router is working with 10.0.0.xx addresses. . .that is where you will have issues)

Worst case. . . .40 second reset will clear your user settings. :slight_smile:

so, if i don’t specify a gateway, will that cut off communications between the NAS and the internet ?

not communications between the NAS and all the devices on the safe side of the Router’s firewall …

I believe that is correct. . . .HOWEVER. . . . .I did some testing on OS3

First . . DELETING the gateway entry won’t save. . . I had to put in a FALSE gateway entry to “make it stick”

Second. . .with the false gateway in place, I find that access via a different subnet within the router is blocked. (when I am accessing the network via a VPN - - -the roaming PC is placed on a different subnet than the rest of the network)

Third. . . . just because the NAS can’t find the internet. . .doesn’t mean it isn’t looking. I seem to recall that some functions on the OS5 NAS hang up if it can’t establish an internet connection.

interesting find …

before proceeding, let me just get verification of what I understand so far:

if my gateway specified on the NAS is: 192.168.1.2, would any other number combination used essentially break the link with WD servers ?

i decided to give this a go, changing both the default gateway and DNS Server 1 fields to a different IP (both IPs are matched, the same).

how do I go about testing that there is no active communication between the NAS and the internet ?

all …

thanks @NAS_user
thanks @dswv42
thanks @Shreyas
thanks @mirge101

confirmed that the NAS is no longer able to communicate with WD servers

I have not experimented in a bit. It was fun.

Eventually, I will roll back my OS/5 unit to OS/3. . . (yielding two active OS/3 systems).
I have heard a rumor that WD may have changed the “rescue O/S” such that it won’t load an OS/3 firmware. . . but I have no data to back that up. . . and fortunately I am probably 6 versions back on my OS/5 rig (i.e. late last year)

However. . .eventually I am going to splurge and get a completely different NAS setup. In the short term. . .I am considering placing the NAS behind a separate router that lacks a WAN connection. (Security at the expense of VPN access. . . )

I do not disagree with your assessment.

I was the biggest fanboy of WD around. . . .

. . . but OS/5 was really a move in the wrong direction.

. . .their strength was HDDs. . . but with SMR tech now in the product line. . . .(and WD is not the only culprit). . .I am now migrating away from HDDs for all but NAS applications.

I am looking for clarification…
WD suggests disconnecting the drives from your network. No conditions, and to me, in reading this thread, that is making the assumption that all customers would have remote access enabled.
Their latest update that I have seen states that the vulnerability occurs “when the device has remote access enabled”.
So am I correct in expecting that if customers did like I did from the beginning in disabling remote access, we are not in jeopardy of experiencing the issues reported (i.e. our My Book Live drives will not get wiped)?

Well, this thread started before we knew the exact cause. Now that it’s known, it’s best to not connect My Book Live to the internet. But you still need them connected to your LAN to access them, for which a good option is to statically configure its IP address and not provide a gateway or DNS servers. This will keep it on the LAN network and not accessible via the Internet.

Hi Shreyas
Thanks.
That is a good suggestion.
I will reconnect them and make these changes.
Like others I am concerned that people trusted these devices as a sole place of storage and did not have redundancy scenarios in place.
I am planning once these are back on the network that they will be a duplicate of the primary storage I have put into place.
Colin

I think many routers offer an option to completely block internet for a device with a specific static IP address. So, blocking access to the MBL devices or any device for that matter, should be pretty simple. If you’re using something like TP-Link routers, this is the safest option.

Mind you, this way you’ll lose access to features like Let’s Encrypt certificate renewals. However, the chances of your WD device getting hacked (given their terrible security practices) are much higher than someone snooping on your local WiFi.

that’s possible, users can choose to block a device from internet access at the router.

i chose to do it at the NAS, and make a mental note of what i needed to do to disable internet access:

fake gateway address
fake dns server address
turn off cloud access globally (from the cloud access tab in the dashboard)

if i want to put it back online i would go back and revert those changes.

WD issued much too many firmware updates on OS5 to trust that the platform is bullet proof. so far, what versions of apps and OS5 i have work fine for me and I see no reason to go into ‘panic’ mode when reading release notes on iterative updates.

in addition to having to turn on public for each of my private shares (i.e. private shares is broken) … just to get rid of a permissions issue in mac os, tells me WD screwed things up.

unclear, how would the nas be able to see the internet when fake gateway and dns addresses are used ?

Hi Shreyas
I have made changes to:

  • Ensure Remote Access was turned off (it was on but I am positive that I disabled this when I bought them)
  • Ensure that I had a static IP address and subnet mask (which I did)
  • Cleared the Gateway and DNS fields

After I saved the configuration, the device came back online and I was still able to access the drive via the Shares that had been previously setup.
I also checked the Network page which reported “No Internet access”.
From here I am going to treat this device as my secondary storage, ensuring that its contents are synchronised via scripts occasionally/as needed from the primary location that I setup a few days back.
Thanks for your guidance.
Colin
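
An added example, not part of any post in this thread: a simplified Python model of the routing decision a single-interface host makes, showing why a blank or fake gateway keeps the NAS reachable on the LAN while cutting it off from the internet and from a VPN client on another subnet. All addresses are constructed for illustration, and the `egress` and `survey` helpers are hypothetical names.

```python
import ipaddress

def egress(ip, mask, gateway, dest, live_routers=()):
    """Classify how a host with this static config sends a packet to dest.

    Returns 'on-link', 'routed', 'blackholed' (gateway set, but nothing at
    that address forwards traffic) or 'no-route'.
    """
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    dst = ipaddress.ip_address(dest)
    if dst in iface.network:
        return "on-link"      # delivered directly; the gateway is never consulted
    if not gateway:
        return "no-route"     # blank gateway: nothing off-subnet can be sent
    if ipaddress.ip_address(gateway) not in iface.network:
        return "no-route"     # a gateway must itself be on-link to be usable
    return "routed" if gateway in live_routers else "blackholed"

# Constructed addresses (assumptions, not values from the thread).
NAS, MASK = "192.168.1.50", "255.255.255.0"
ROUTER = "192.168.1.1"        # the only device that really forwards traffic
FAKE_GW = "192.168.1.254"     # unused LAN address entered as a false gateway
TARGETS = {
    "lan_pc": "192.168.1.20",     # same subnet as the NAS
    "vpn_client": "10.8.0.5",     # roaming PC placed on a different subnet
    "internet": "8.8.8.8",
}

def survey(gateway):
    """Outcome for each sample destination under one gateway setting."""
    return {name: egress(NAS, MASK, gateway, addr, live_routers={ROUTER})
            for name, addr in TARGETS.items()}

if __name__ == "__main__":
    for label, gw in [("real gateway", ROUTER),
                      ("blank gateway", None),
                      ("fake gateway", FAKE_GW)]:
        print(f"{label:14}", survey(gw))
```

The `vpn_client` row matches the behaviour reported above: replies to a client on another subnet need a working gateway, so that path fails along with internet access.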