orion is a bunch of services. The key one is communicationmanagerd which tunnels back to wd2go. The reverse tunnel is how the hackers are able to hit the REST API.
It’s not a UPNP issue as some speculated. When the tunnel is established, mybooklive.deviceXXXXXX.wd2go.com maps back to your WAN IP address (where XXXXXX is the deviceID for your NAS). The attacker starts by iterating thru device IDs finding those DNS names that resolve to an IP address.
Do I understand correctly, if the “Remote control” option is enabled, then my NAS talks regularly to WD and “registers” it. Then the DNS A-record of mybooklive.deviceXXXXXX.wd2go.com will be changed to my current WAN IP.
I am amazed how much you know about the MBL. Did you disassemble the communicationmanager ELF binary ?
If am sorry if my question is stupid, but can anybody use that reverse tunnel when they know the device ID? This would mean that the REST API of every device can be accessed (if RemoteControl is enabled) even if UPnP is off?
I think they sent that to all of us, quite possibly as we are now registered here with contact details and have commented on the thread regarding data loss
Yes, if UPNP is off and Remote Access is on, the communicationmangerd is running. You can manually stop the daemon and see the external hits on your NAS die off.
@hightower I guess if your mother device (PC or Laptop) has enough memory to store the found files then I would assume no you only need one station, but please understand I am no expert and others might tell us both different !! I bought a double bay as I thought that would be the easiest thing to do. I am runnig R-Studio now but need to read the instructions to see how I can preview some of the found files before it finishes in 14hours time !!
finds and I think I can preview them to see if they are corupted or not, at the end of the scan. If it all looks OK I will by the licence and then no need to rescan, just save files I think?? Already 11% done after just 2 hours and 91,545 “Specific File Documents” which I am assuming will be individual files (picture, document etc etc?) Will come back tomorrow when scan is completed…
If your Duo has two drives with no mirroring there is no way to read one of them alone. I’m not sure you will be able to access the files even if you can get both hooked up at the same time. My DUO is mirrored so all my files are saved on both, not spread over two HDDs. Good luck to us all.