I have discovered a persistent backdoor in 2 of my NAS's. DSM updates do not effect it and Security Adviser does not detect it. They allow my hacker full control of the NAS and of course various attacks on my network including ARP spoofing, DNS spoofing, SYN Floods and DDOS attacks. I have just discovered them and blocked them successfully with the NAS firewall. It seems it's based on a trojan called Backdoor. Smother [Symantec-2003-092310-2135-991] but I am just guessing because it uses the same port. I really have no idea.
As you can see there is no PID or service name so yeah. I also have IPv6 disabled on the NIC but that doesn't matter.
Any help would be appreciated.