Slightly off topic here, as it is security but both network as well as the NAS. As I think most folks know I use a Netgear Orbi mesh router system. I monitor the logs with respect to attacks and remote access attempts. The Orbi logs such 'attacks' and sends me an email when the log gets full. The log can hold 258 entries before it fills and sends the email to me.
Prior to last week I had maybe 2-3 emails a day. It is now sending emails through on intervals varying between a few minutes and half an hour:
Log data is looking typically like:
I'm guessing there is not a lot I can do about it except harden the firewall rules on the NAS and possibly tighten up the .htaccess rules on my forum (hosted on the NAS). Other solutions would be to buy a managed switch and put that ahead of the router but yeah that's not going to be viable.
[LAN access from remote] from 204.10.192.178:9509 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:38
[LAN access from remote] from 204.10.192.178:47979 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:36
[LAN access from remote] from 204.10.192.178:9942 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:34
[LAN access from remote] from 204.10.192.178:22984 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:32
[LAN access from remote] from 204.10.192.178:3663 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:30
[LAN access from remote] from 204.10.192.178:41932 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:28
[LAN access from remote] from 204.10.192.178:17135 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:26
[LAN access from remote] from 204.10.192.178:20939 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:25
[LAN access from remote] from 192.241.235.205:57625 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:24
[LAN access from remote] from 204.10.192.178:56758 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:22
[LAN access from remote] from 204.10.192.178:36876 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:20
[LAN access from remote] from 204.10.192.178:13893 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:18
[LAN access from remote] from 204.10.192.178:9985 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:16
[LAN access from remote] from 204.10.192.178:57616 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:14
[LAN access from remote] from 204.10.192.178:30466 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:12
[LAN access from remote] from 204.10.192.178:39030 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:10
[LAN access from remote] from 204.10.192.178:12990 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:09
[LAN access from remote] from 204.10.192.178:10136 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:07
[LAN access from remote] from 204.10.192.178:62586 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:05
[LAN access from remote] from 204.10.192.178:10875 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:03
[LAN access from remote] from 204.10.192.178:56094 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:01
[LAN access from remote] from 204.10.192.178:22309 to 192.168.1.202:443, Thursday, August 11, 2022 10:36:59
[LAN access from remote] from 204.10.192.178:46823 to 192.168.1.202:443, Thursday, August 11, 2022 10:36:57
[LAN access from remote] from 204.10.192.178:24631 to 192.168.1.202:443, Thursday, August 11, 2022 10:36:53
[LAN access from remote] from 204.10.192.178:31005 to 192.168.1.202:443, Thursday, August 11, 2022 10:36:51
[LAN access from remote] from 204.10.192.178:18452 to 192.168.1.202:80, Thursday, August 11, 2022 10:36:50
[LAN access from remote] from 204.10.192.178:65272 to 192.168.1.202:443, Thursday, August 11, 2022 10:36:48
[LAN access from remote] from 204.10.192.178:7191 to 192.168.1.202:80, Thursday, August 11, 2022 10:36:46
[LAN access from remote] from 204.10.192.178:20721 to 192.168.1.202:80, Thursday, August 11, 2022 10:36:44
[LAN access from remote] from 204.10.192.178:6101 to 192.168.1.202:443, Thursday, August 11, 2022 10:36:42
[LAN access from remote] from 204.10.192.178:49068 to 192.168.1.202:443, Thursday, August 11, 2022 10:36:40
[LAN access from remote] from 159.65.189.170:45834 to 192.168.1.202:80, Thursday, August 11, 2022 10:35:22
[LAN access from remote] from 204.10.192.178:46613 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:23
[LAN access from remote] from 204.10.192.178:19338 to 192.168.1.202:443, Thursday, August 11, 2022 10:34:21
[LAN access from remote] from 204.10.192.178:38718 to 192.168.1.202:443, Thursday, August 11, 2022 10:34:19
[LAN access from remote] from 204.10.192.178:11801 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:17
[LAN access from remote] from 204.10.192.178:22198 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:15
[LAN access from remote] from 204.10.192.178:51629 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:13
[LAN access from remote] from 204.10.192.178:54864 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:11
[LAN access from remote] from 204.10.192.178:33316 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:09
[LAN access from remote] from 204.10.192.178:26258 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:07
[LAN access from remote] from 204.10.192.178:61072 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:05
[LAN access from remote] from 204.10.192.178:54913 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:04
[LAN access from remote] from 204.10.192.178:34737 to 192.168.1.202:443, Thursday, August 11, 2022 10:34:02
[LAN access from remote] from 204.10.192.178:65244 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:00
[LAN access from remote] from 204.10.192.178:50072 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:58
[LAN access from remote] from 204.10.192.178:62259 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:56
[LAN access from remote] from 204.10.192.178:64473 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:54
[LAN access from remote] from 204.10.192.178:27238 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:52
[LAN access from remote] from 204.10.192.178:11501 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:50
[LAN access from remote] from 204.10.192.178:59813 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:48
[LAN access from remote] from 204.10.192.178:1551 to 192.168.1.202:443, Thursday, August 11, 2022 10:33:46
[LAN access from remote] from 204.10.192.178:3765 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:44
[LAN access from remote] from 204.10.192.178:38608 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:42
[LAN access from remote] from 204.10.192.178:10932 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:38
[LAN access from remote] from 204.10.192.178:5007 to 192.168.1.202:443, Thursday, August 11, 2022 10:33:37
[LAN access from remote] from 204.10.192.178:33520 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:35
[LAN access from remote] from 204.10.192.178:15375 to 192.168.1.202:443, Thursday, August 11, 2022 10:33:33
[LAN access from remote] from 204.10.192.178:16999 to 192.168.1.202:80, Thursday, August 11, 2022 10:33:31
[LAN access from remote] from 204.10.192.178:30602 to 192.168.1.202:443, Thursday, August 11, 2022 10:33:29
[LAN access from remote] from 204.10.192.178:15072 to 192.168.1.202:443, Thursday, August 11, 2022 10:33:27
[LAN access from remote] from 204.10.192.178:30449 to 192.168.1.202:443, Thursday, August 11, 2022 10:33:25
[DoS Attack: SYN/ACK Scan] from source: 159.148.23.173, port 443, Thursday, August 11, 2022 10:32:52
[LAN access from remote] from 204.10.192.178:23569 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:41
[LAN access from remote] from 204.10.192.178:24811 to 192.168.1.202:443, Thursday, August 11, 2022 10:27:39
[LAN access from remote] from 204.10.192.178:18714 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:37
[LAN access from remote] from 204.10.192.178:30999 to 192.168.1.202:443, Thursday, August 11, 2022 10:27:36
[LAN access from remote] from 204.10.192.178:944 to 192.168.1.202:443, Thursday, August 11, 2022 10:27:34
[LAN access from remote] from 204.10.192.178:21396 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:32
[LAN access from remote] from 204.10.192.178:14899 to 192.168.1.202:443, Thursday, August 11, 2022 10:27:30
[LAN access from remote] from 204.10.192.178:49801 to 192.168.1.202:443, Thursday, August 11, 2022 10:27:26
[LAN access from remote] from 204.10.192.178:57706 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:24
[LAN access from remote] from 204.10.192.178:18210 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:22
[LAN access from remote] from 204.10.192.178:34067 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:21
[LAN access from remote] from 204.10.192.178:8858 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:19
[LAN access from remote] from 204.10.192.178:27678 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:17
[LAN access from remote] from 204.10.192.178:19167 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:15
[LAN access from remote] from 204.10.192.178:54218 to 192.168.1.202:80, Thursday, August 11, 2022 10:27:13
[DoS Attack: SYN/ACK Scan] from source: 159.148.23.173, port 443, Thursday, August 11, 2022 10:25:29
[LAN access from remote] from 204.10.192.178:19295 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:40
[LAN access from remote] from 204.10.192.178:18694 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:38
[LAN access from remote] from 204.10.192.178:7075 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:36
[LAN access from remote] from 204.10.192.178:56305 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:34
[LAN access from remote] from 204.10.192.178:35155 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:32
[LAN access from remote] from 204.10.192.178:39008 to 192.168.1.202:443, Thursday, August 11, 2022 10:22:30
[LAN access from remote] from 204.10.192.178:34581 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:28
[LAN access from remote] from 104.248.51.8:33786 to 192.168.1.202:443, Thursday, August 11, 2022 10:22:26
[LAN access from remote] from 204.10.192.178:41894 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:25
[LAN access from remote] from 104.248.51.8:23811 to 192.168.1.202:443, Thursday, August 11, 2022 10:22:24
[LAN access from remote] from 204.10.192.178:64410 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:23
[LAN access from remote] from 204.10.192.178:28926 to 192.168.1.202:443, Thursday, August 11, 2022 10:22:21
[LAN access from remote] from 204.10.192.178:57281 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:19
[LAN access from remote] from 204.10.192.178:28492 to 192.168.1.202:443, Thursday, August 11, 2022 10:22:17
[LAN access from remote] from 204.10.192.178:29362 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:15
[LAN access from remote] from 204.10.192.178:37298 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:13
[LAN access from remote] from 204.10.192.178:56144 to 192.168.1.202:80, Thursday, August 11, 2022 10:22:11
[LAN access from remote] from 51.77.117.33:39870 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:59
[LAN access from remote] from 51.77.117.33:25119 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:58
[LAN access from remote] from 51.77.117.33:11742 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:57
[LAN access from remote] from 51.77.117.33:63750 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:56
[LAN access from remote] from 51.77.117.33:30909 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:55
[LAN access from remote] from 51.77.117.33:1530 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:54
[LAN access from remote] from 51.77.117.33:32032 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:53
[LAN access from remote] from 51.77.117.33:31006 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:52
[LAN access from remote] from 51.77.117.33:25351 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:51
[LAN access from remote] from 51.77.117.33:21324 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:50
[LAN access from remote] from 51.77.117.33:1284 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:49
[LAN access from remote] from 51.77.117.33:56368 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:48
[LAN access from remote] from 51.77.117.33:38898 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:47
[LAN access from remote] from 51.77.117.33:5206 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:46
[LAN access from remote] from 51.77.117.33:35943 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:45
[LAN access from remote] from 51.77.117.33:62239 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:44
[LAN access from remote] from 51.77.117.33:31601 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:43
[LAN access from remote] from 51.77.117.33:57298 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:42
[LAN access from remote] from 51.77.117.33:7289 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:41
[LAN access from remote] from 51.77.117.33:2416 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:40
[LAN access from remote] from 51.77.117.33:12702 to 192.168.1.202:443, Thursday, August 11, 2022 10:14:39
[LAN access from remote] from 51.77.117.33:26436 to 192.168.1.202:80, Thursday, August 11, 2022 10:14:38
The 'attacks' seem to be coming from various ISPs, sources, countries... much weirdness.
Any thoughts / tips would be appreciated.
-- post merged: --
Further to this I'm currently allowing built in Applications of:
- BT - No idea what this is used for, can it be disabled?
- Hybrid share - Not sure if I need this?
- WS-Discovery / WS-Transfer - No idea what this is used for, can it be disabled?
- Homebridge (now disabled as for experimentation only)
- VPN Server (not in use so now disabled)
- Windows File Server - As I'm using all Apple kit is this needed?
- VisualStation (Search Visual Station) - I'm not using cameras with the NAS so this can get turned off I think?
- SSH / Telnet - I assume these can be turned off unless I actually need to use them?
Thoughts appreciated.
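
A way to triage a full log like the one above, added here as an example and not code from the poster: it parses the two entry types shown and reports, per remote source, which internal host and port was reached and the longest rapid burst. The sample lines are constructed with documentation-range IPs, and `parse`, `summarise` and the 5-second `burst_gap` are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format shown in the post (documentation-range IPs).
SAMPLE = """\
[LAN access from remote] from 203.0.113.7:9509 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:38
[LAN access from remote] from 203.0.113.7:47979 to 192.168.1.202:443, Thursday, August 11, 2022 10:37:36
[LAN access from remote] from 203.0.113.7:3663 to 192.168.1.202:80, Thursday, August 11, 2022 10:37:34
[LAN access from remote] from 198.51.100.23:45834 to 192.168.1.202:80, Thursday, August 11, 2022 10:35:22
[LAN access from remote] from 203.0.113.7:46613 to 192.168.1.202:80, Thursday, August 11, 2022 10:34:23
[DoS Attack: SYN/ACK Scan] from source: 192.0.2.50, port 443, Thursday, August 11, 2022 10:32:52
"""

LAN_RE = re.compile(r"\[LAN access from remote\] from ([\d.]+):\d+ to ([\d.]+):(\d+), (.+)$")
DOS_RE = re.compile(r"\[DoS Attack: ([^\]]+)\] from source: ([\d.]+), port \d+, (.+)$")
TS_FMT = "%A, %B %d, %Y %H:%M:%S"  # e.g. "Thursday, August 11, 2022 10:37:38"

def parse(text):
    """Return (forwarded, scans): forwarded connections and router-flagged scan events."""
    forwarded, scans = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := LAN_RE.match(line):
            src, dst, dport, ts = m.groups()
            forwarded.append((src, dst, int(dport), datetime.strptime(ts, TS_FMT)))
        elif m := DOS_RE.match(line):
            kind, src, ts = m.groups()
            scans.append((kind, src, datetime.strptime(ts, TS_FMT)))
    return forwarded, scans

def summarise(forwarded, burst_gap=5):
    """Per remote source: hit count, internal host:port pairs reached, longest burst
    (consecutive hits no more than burst_gap seconds apart)."""
    by_src = defaultdict(list)
    for src, dst, dport, ts in forwarded:
        by_src[src].append((ts, f"{dst}:{dport}"))
    report = {}
    for src, hits in by_src.items():
        hits.sort()
        longest = run = 1
        for (t1, _), (t2, _) in zip(hits, hits[1:]):
            run = run + 1 if (t2 - t1).total_seconds() <= burst_gap else 1
            longest = max(longest, run)
        report[src] = {"hits": len(hits), "reached": sorted({h[1] for h in hits}),
                       "longest_burst": longest}
    return report

if __name__ == "__main__":
    forwarded, scans = parse(SAMPLE)
    for src, info in sorted(summarise(forwarded).items(), key=lambda kv: -kv[1]["hits"]):
        print(src, info)
    print("router-flagged scans:", [(k, s) for k, s, _ in scans])
```

Each entry under `reached` is an internal host and port that remote traffic got to, so that list is the one to compare against the services meant to be public.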