Router Log entries security risk for my cloud

My Cloud OS 3 Personal & Network Attached Storage My Cloud
1

FYI:    128.199.246.99 tracks back to roughregister,com

198.53.26.245   is My My Cloud Drive…   I’m NOT Roughregister.com

Any Clue’s ???

My Cloud is NOW OFF…

     

[LAN access from remote] from 129.253.8.24:51882 to 198.63.26.245:9091, Friday, February 27,2015 14:07:20

[LAN access from remote] from 128.199.246.99:38145 to 198.63.26.245:443, Friday, February 27,2015 13:56:50

[LAN access from remote] from 128.199.246.99:38089 to 198.63.26.245:443, Friday, February 27,2015 13:56:49

[LAN access from remote] from 129.253.8.24:34447 to 198.63.26.245:9091, Friday, February 27,2015 13:53:17

[LAN access from remote] from 129.253.8.24:37302 to 198.63.26.245:9091, Friday, February 27,2015 13:41:15

[LAN access from remote] from 129.253.8.24:33662 to 198.63.26.245:9091, Friday, February 27,2015 13:31:13

and

[LAN access from remote] from 129.253.8.24:6811 to 198.63.26.245:9091, Friday, February 27,2015 18:11:18

[LAN access from remote] from 129.253.8.24:54152 to 198.63.26.245:9091, Friday, February 27,2015 17:55:17

[DHCP IP: 198.63.26.207] to MAC address 24:ab:81:fe:9c:34, Friday, February 27,2015 17:33:20

[LAN access from remote] from 129.253.8.24:47826 to 198.63.26.245:9091, Friday, February 27,2015 17:33:15

[DHCP IP: 198.63.26.207] to MAC address 24:ab:81:fe:9c:34, Friday, February 27,2015 17:15:54

[LAN access from remote] from 129.253.8.24:32126 to 198.63.26.245:9091, Friday, February 27,2015 17:11:11

[DHCP IP: 198.63.26.207] to MAC address 24:ab:81:fe:9c:34, Friday, February 27,2015 17:05:31

[LAN access from remote] from 129.253.8.24:33322 to 198.63.26.245:9091, Friday, February 27,2015 16:59:10

[DHCP IP: 198.63.26.207] to MAC address 24:ab:81:fe:9c:34, Friday, February 27,2015 16:58:46

[LAN access from remote] from 129.253.8.24:11003 to 198.63.26.245:9091, Friday, February 27,2015 16:55:08

[DHCP IP: 198.63.26.207] to MAC address 24:ab:81:fe:9c:34, Friday, February 27,2015 16:44:58

[LAN access from remote] from 129.253.8.24:60928 to 198.63.26.245:9091, Friday, February 27,2015 16:43:05

[UPnP set event: add_nat_rule] from source 198.63.26.245, Friday, February 27,2015 16:34:56

[LAN access from remote] from 129.253.8.24:54619 to 198.63.26.245:9091, Friday, February 27,2015 16:34:55

2

Looks like you have a couple of IPs in Singapore connected to your NAS, one on https. Not sure what port 9091 is, might be Java or something. Maybe it’s WD, I think they have operations in Singapore. Roughregister.com is not referring to you, I don’t think you understand your logs.

Either way, you shouldn’t open up your drive to the internet, it’s just asking for trouble. You might be better off wearing a sign on your back saying “Kick Me”.

Just delete your port forwarding config and use the NAS only when you are at home. There are plenty of ways to take music and other content with you when you go on the road.

Edit: Actually, it might not having anything to do with the NAS. That is your router’s external IP address and so it could be another device on your network that is being connected to, or the router itself.

3

Thanls for the reply, open ports are set for activities Irequire (on occasion),   My Point was (there was a typo) 198.63.26.245 The only successful connections is MY WD Cloud 3TB Drive…   NOT intended as a HoneyPot…

Since I truned it physically OFF NO more successful intrusions…  

All this discovered / paid attention to is dueto ISP (Comcast Cable), issues.  that I’m 99.9% sure NOT related… 

30 Yrs, IT & PC experience, and noyt had any recent issues,  BUT this all started about time I installed the MyCloud…

Found OLD identical symptoms reported from 2 yrs ago…   Looking for more current status… 

Otherwise I just have a good 3TB drive (I really don’t need, at this time…)

jdk