Question When your IP block list has single or more entry

Currently reading
Question When your IP block list has single or more entry

jeyare

jeyare

2,486
838
NAS
Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
Check your Control panel/Security/Account .... Allow/Block list
when you have single or more IPs here in past 30 days something is wrong in your setup of:
- router firewall
- opened ports in router
- router IPS (if any)
- DSM Auto block configuration (Auto block must be enabled, max. 2 Login attempts, max. size of minutes within)
- you or your users frequently forgetting your usr/psw

Then it's a time to check it, because dark power is watching you.
 
I have account blocks registered almost daily –after one wrong attempt to access mail as I set it– because port 25 is open. Sometimes even over 10 attempts/day.
 
I have lot of public services running in my NAS farm. Also I have public fixed addresses. Till May it was 20-50/ daily blocked IPs by my NAS.
But from May when I was changed the network topology I have zero attempts from external IPs to be written in my NAS Block list.
 
I generally have SRM's Threat Prevention blocking scans and various perceived threats. Sometimes I add a specific SRM FW deny rule for the class B subnet and monitor it for a while and later add just that IP to the block list if they come back again.

On DSM I don't get any automatic blocked IPs. I changed the default ports and don't allow SSH login from the Internet. For inbound Mail Server I've an SRM FW rule to permit forwarded mail from my email service and a second rule to block from everywhere else (in case the NAT rule enables forwarding from anywhere).

I use DSM FW but mostly SRM's since migrating from Apple Airport's 'everyone or no-one' approach to port forwarding.
 
Often times it’s like a drive–by shooting for me. Very intense and then it stops.
When a few days go by without a push notification of a block, I go check the Mail service to make sure it’s running :D
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

U
  • Question
Geo Block Firewall Settings - help!
PF will help you for sure much more then syno fw
Replies
4
Views
2,118
Rusty
Rusty
N
Howto Block DSM redirect error page.
That's one way I suppose. For now, I just have a literally empty index.html file. As in NOTHING in it.
Replies
4
Views
1,752
namedNik
N
iStone
Solved Block mac address within LAN for NAS
If your router doesn't have an isolated guest network, just get another cheap wireless router, connect its...
Replies
11
Views
6,547
akahan
akahan

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top