Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Brute Force Password Attack - but NAS has no external access set

Robbie

Robbie

748
397
NAS
RS1221+, RS819, RS217
Operating system
  1. macOS
Mobile operating system
  1. iOS
Started yesterday with multiple failed password attempts, which restarted again this afternoon.

The odd thing is that my NAS is not currently set to be externally accessible via DDNS or Quickconnect - both methods are disabled. I am not sure how these events are making it past the pfSense firewall either - allegedly from an external WAN address.

2026-05-11 at 16.59.01.png


Anybody know how these external attempts are getting past my firewall and why my NAS is responding to an attempted login from an external address?

At the moment the attempts are only being blocked by the failed login Auto Block - a very late stage of protection!

☕
 
Sort by date Sort by votes
That’s alarming tbh. Cross check your NAT settings, firewall rules and log files asap!
 
Upvote 0
Everything looks ok. According to the log files pfSense is blocking them under the default rule, so not sure why DSM gets a sniff of them:

2026-05-11 at 18.21.14.png


Just to be sure, I blocked the /24s for these IP ranges using an easy rule:

2026-05-11 at 18.24.28.png


Looks like Iran has a beef with me but it still seems odd that DSM is allowing an external IP to get as far as an attempted login.

☕
 
Upvote 0
Do you have any port forwarding to the NAS? Using DDNS is just a way to resolve a name to the nearest Internet-routable device's IP address, usually the firewall/router for home users. Any port forwarding in the router will then take care of directing connection requests from its WAN port to a LAN device.

While we live in a world where VPN services allow connections to appear to be from a different country to the initiating device, you can still try setting up NAS firewall rules to block access from countries you know will never have a reason to be trying. That will stop some attempts.

Using non-standard ports for Internet access will make the job of finding them harder. Many scans will be for a range of known ports, not all 65k of the possibilities.

If you are using reverse proxy, even internally (I use an internal DNS so my URLs work at home and away), then you can apply access controls. Like this...

1778520649645.png
 
Upvote 0
I'd not considered setting an ACP. I'll have to be careful not to lock myself out!

A few services run on my NAS, including Home Assistant, Homebridge and Plex.

☕
 
Upvote 0
I’d say you have some misconfiguration on your firewall. That indeed is alarming if you don’t have it opened to the outside but are seeing that in your logs.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Popular tags from this forum

dsm firewall rules security

Thread Tags

Tags Tags
access attack external external access nas password

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending content in this forum

Back
Top