My router security app keeps reporting that external IPs are trying to connect to my NAS. The latest was described as a “brute force” attack. I’m concerned. I have the router firewall on and the NAS firewall enabled, but I don’t understand how other computers are even seeing my NAS online. I am a complete newbie to all this, but is there something I should do to stay secure? (I also have 2-factor login set up.)
Do you have open ports on your router?
It’s not hard doing port scans and it could just be that someone found one of your open ports and are now trying to figure out what’s on the other side of that port.
I installed nmap which shows that my router has four open ports (listed as ‘domain’, ‘http,’ ‘https,’ and ‘upnp’ - I think). This was from the default setup. I do not know if they need to be open for some reason. Will my router/mesh network work without these ports open? I notice that when I log into the router through browser, the address shows with http, so is that why the ‘http’ port needs to be open?
Yeah, turn off UPnP like yesterday, that one is serious attack vector for all kinds of hacks. It should be a setting in your router. Only really old hardware tends to require UPnP to work.
No idea what domain is, what port is that? HTTP and HTTPS can remain open, as those are port 80 and 443 which you sort of need to have open if you’re planning on using a reverse proxy for example.
No, these are ports facing the internet, things on your LAN have their own ports and none of them should face the internet.
1 Like