NAS DNS query for ipfs.adatools.io
-
- New here
- Posts: 3
- Joined: Sun Jan 09, 2022 12:48 am
NAS DNS query for ipfs.adatools.io
Hello everybody,
I was checking my AdGuard Home DNS logs after getting back for my holidays and I noticed that my QNAP TS-832X queried the DNS for ipfs.adatools.io
Since it's linked to crypto I blocked the domain (on the DNS level).
No joy for a google search except a German forum with no answer, has anyone noticed such behaviour ?
My NAS is not open to the internet - I use the VPN on my ASUS router with ASUSWRT-Merlin.
No exotic software - only basic stuff, Plex, AdGuard, etc are docker containers on a RPi.
Malware remover brings up no concern.
Thank you for taking your time to read my first post.
Have a nice day !
I was checking my AdGuard Home DNS logs after getting back for my holidays and I noticed that my QNAP TS-832X queried the DNS for ipfs.adatools.io
Since it's linked to crypto I blocked the domain (on the DNS level).
No joy for a google search except a German forum with no answer, has anyone noticed such behaviour ?
My NAS is not open to the internet - I use the VPN on my ASUS router with ASUSWRT-Merlin.
No exotic software - only basic stuff, Plex, AdGuard, etc are docker containers on a RPi.
Malware remover brings up no concern.
Thank you for taking your time to read my first post.
Have a nice day !
-
- New here
- Posts: 3
- Joined: Sun Jan 09, 2022 5:29 pm
Re: NAS DNS query for ipfs.adatools.io
Hi
I have freshly registered just to say that I have a QNAP TS251D which is also querying ipfs.adatools.io. Like yourself I noted the possible crypto link and have been blocking it via my NextDNS account. It is querying the site approx every minute. My external QNAPCloud is disabled and my NAS is a very basic config used for local backup and as a local DLNA media server. I confess to being a little concerned! Hopefully there is an entirely innocent explanation?
Could it be related to a QVPN vulnerability? I was using a VPN connection to the NAS until very recently. viewtopic.php?f=45&t=164173
I have freshly registered just to say that I have a QNAP TS251D which is also querying ipfs.adatools.io. Like yourself I noted the possible crypto link and have been blocking it via my NextDNS account. It is querying the site approx every minute. My external QNAPCloud is disabled and my NAS is a very basic config used for local backup and as a local DLNA media server. I confess to being a little concerned! Hopefully there is an entirely innocent explanation?
Could it be related to a QVPN vulnerability? I was using a VPN connection to the NAS until very recently. viewtopic.php?f=45&t=164173
-
- New here
- Posts: 2
- Joined: Mon Jan 10, 2022 7:01 am
Re: NAS DNS query for ipfs.adatools.io
I have the same issue with a TS453D. No many services running (DLNA Media Service, Qsync, Rsync, SQL Server, Werb Server, Proxy) and whatever else QNAP add. QuFirewall reports several events blocked from (source) 185.165.190.17, however my NAS is not directly expose to the Internet. Any ideas?
-
- Starting out
- Posts: 15
- Joined: Fri Nov 27, 2020 10:53 pm
Re: NAS DNS query for ipfs.adatools.io
I have the same issue with a TS-h886 ... it started 28.12.2021. The same day I upgraded to Fw 5.0.0.1892
My NAS also doesn't present any open ports to the internet. So I'm searching and wondering what that might be.
Of course I thought of malware, but there aren't any high CPU, RAM or disk usages.
Just those DNS requests for ipfs.adatools.io
My NAS also doesn't present any open ports to the internet. So I'm searching and wondering what that might be.
Of course I thought of malware, but there aren't any high CPU, RAM or disk usages.
Just those DNS requests for ipfs.adatools.io
-
- New here
- Posts: 3
- Joined: Sun Jan 09, 2022 5:29 pm
Re: NAS DNS query for ipfs.adatools.io
Hi
All mine are DNS calls.... I can detect no additional CPU usage or any other unusual DNS requests. I am tempted to completely rebuild the NAS because of it - particularly as , at present, there is no certain cause as to the "infection", and whether there may be more to it. I notice that today there are no DNS requests to ipfs.adatools.io at all. I have done nothing to stop them which adds to the mystery!
All mine are DNS calls.... I can detect no additional CPU usage or any other unusual DNS requests. I am tempted to completely rebuild the NAS because of it - particularly as , at present, there is no certain cause as to the "infection", and whether there may be more to it. I notice that today there are no DNS requests to ipfs.adatools.io at all. I have done nothing to stop them which adds to the mystery!
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: NAS DNS query for ipfs.adatools.io
Referring to a post in German forum: disable QuFirewall and DNS queries will be stopped!
Enable it again and DNS queries continue...!
Send a ticket to QNAP support and ask, what the hell they are doing...
Regards
Enable it again and DNS queries continue...!
Send a ticket to QNAP support and ask, what the hell they are doing...
Regards
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Starting out
- Posts: 15
- Joined: Fri Nov 27, 2020 10:53 pm
Re: NAS DNS query for ipfs.adatools.io
Now, I know the source. garderobier gave me the nudge.
It is QNAP Firewall 2.2.0 guys! You can verify it by simply stopping the firewall, the DNS requests will stop. And if you restart the firewall the DNS requests will resume!
It is QNAP Firewall 2.2.0 guys! You can verify it by simply stopping the firewall, the DNS requests will stop. And if you restart the firewall the DNS requests will resume!
-
- New here
- Posts: 2
- Joined: Mon Jan 10, 2022 7:01 am
Re: NAS DNS query for ipfs.adatools.io
In my case when disabling QuFirewall Version 2.2.0 (2021/12/16), form the QuFirewall console (switch to OFF) the DNS requests continue. If I STOP the service completely using the App Center the DNS requests stop.
Last edited by canas2022 on Tue Jan 11, 2022 5:59 am, edited 1 time in total.
-
- New here
- Posts: 3
- Joined: Sun Jan 09, 2022 5:29 pm
Re: NAS DNS query for ipfs.adatools.io
I can confirm, in my case, that QuFirewall is indeed the culprit. The DNS calls started again this morning so after the news re the QuFirewall connection I removed and then restarted the app. The DNS calls to ipfs.adatools.io stopped and then started again on reinstallation. Either uninstalling or stopping the app stops the DNS calls. Now awaiting a QNAP official response. Using FW 5.0.0.1891
I have noticed that I am now making calls exactly every 11 seconds to ipfs.adatools.io as per Adguard Home (hosted on my Asus RT-AX58U and not on the NAS).
I have noticed that I am now making calls exactly every 11 seconds to ipfs.adatools.io as per Adguard Home (hosted on my Asus RT-AX58U and not on the NAS).
Last edited by Froggy10 on Mon Jan 10, 2022 10:56 pm, edited 1 time in total.
-
- New here
- Posts: 3
- Joined: Sun Jan 09, 2022 12:48 am
Re: NAS DNS query for ipfs.adatools.io
Thanks for the findings!
I'm with QNAP support via ticket (fast response must I say)
I'll update It now.
I'm with QNAP support via ticket (fast response must I say)
I'll update It now.
-
- New here
- Posts: 3
- Joined: Sun Jan 09, 2022 12:48 am
Re: NAS DNS query for ipfs.adatools.io
QNAP support just got back, again, they are really fast this time (I'm with French support)
I told him that is was QuFireWall. I consented to give them my dump to further the analysis.
I translate his answer (not english):
"It's crazy ... I'll immediatly ask R&D to check the problem and I'll put your ticket on the higest priority"
Now let's see what happens.
I forgot to mention :
QuFireWall : Version 1.5.0 (2021/12/28)
QTS : 5.0.0.1891
-
- New here
- Posts: 7
- Joined: Fri Aug 21, 2009 3:30 am
Re: NAS DNS query for ipfs.adatools.io
Same issue here, blocked it with PiHole and was wondering where they were originating from, thanks for the insight.
Please let us know what QNAP support advise in relation to this strange behaviour.
Please let us know what QNAP support advise in relation to this strange behaviour.
-
- New here
- Posts: 2
- Joined: Wed Jun 07, 2017 11:14 pm
Re: NAS DNS query for ipfs.adatools.io
Any update from QNAP?M_P_O wrote: ↑Mon Jan 10, 2022 11:44 pmQNAP support just got back, again, they are really fast this time (I'm with French support)
I told him that is was QuFireWall. I consented to give them my dump to further the analysis.
I translate his answer (not english):
"It's crazy ... I'll immediatly ask R&D to check the problem and I'll put your ticket on the higest priority"
Now let's see what happens.
I forgot to mention :
QuFireWall : Version 1.5.0 (2021/12/28)
QTS : 5.0.0.1891
-
- New here
- Posts: 2
- Joined: Wed Apr 07, 2021 1:06 pm
Re: NAS DNS query for ipfs.adatools.io
Hi everyone, I'm the maintainer of adatools.io which is a Cardano Blockchain Explorer. The domain ipfs.adatools.io is a IPFS node that I run to pin NFTs (Non-fungible tokens). For those that don't know what IPFS is, it's a decentralised / peer-to-peer file network.
I'm really baffled as to why QNAP services would be doing queries to it other then it's trying to retrieve files from the network and my node has that file. If there is something on QNAP servers trying to retrieve a file from the network, blocking adatools.io won't help as it will just find another node / domain that's running a IPFS node.
So it would be good to find out what is actually causing the queries rather than just blocking / turning things off.
I know I was running an IPFS node on my QNAP at one point (or I still could be) via a Docker image, but I don't see how that would have any impact unless QNAP has an internal "chat" protocol and they're somehow communicating with each other?
I'm really baffled as to why QNAP services would be doing queries to it other then it's trying to retrieve files from the network and my node has that file. If there is something on QNAP servers trying to retrieve a file from the network, blocking adatools.io won't help as it will just find another node / domain that's running a IPFS node.
So it would be good to find out what is actually causing the queries rather than just blocking / turning things off.
I know I was running an IPFS node on my QNAP at one point (or I still could be) via a Docker image, but I don't see how that would have any impact unless QNAP has an internal "chat" protocol and they're somehow communicating with each other?
-
- New here
- Posts: 2
- Joined: Wed Apr 07, 2021 1:06 pm
Re: NAS DNS query for ipfs.adatools.io
QNAP have released an update to QuFirewall that apparently resolves the issue.
They don't mention why it was doing DNS lookups in the first place, or even why it was doing it on ipfs.adatools.io and not other IPFS node URLs.
Even though it has been resolved, it's still interesting since the domain was pointed to my QNAP NAS at some point and then suddenly a number of other QNAP servers are doing lookups. It's like my QNAP is talking to other QNAPs for whatever reason.
It would be good to get an official comment from QNAP as to what triggered this in the first place as most QNAP owners have reported that they are not running any IPFS nodes so their NAS had no reason to do a DNS lookup to ipfs.adatools.io.
- https://www.qnap.com/en-us/app_releasen ... qufirewallWe have fixed an issue where QuFirewall would constantly perform DNS lookup of ipfs.adatools.io because the IP address of the domain name would expire.
They don't mention why it was doing DNS lookups in the first place, or even why it was doing it on ipfs.adatools.io and not other IPFS node URLs.
Even though it has been resolved, it's still interesting since the domain was pointed to my QNAP NAS at some point and then suddenly a number of other QNAP servers are doing lookups. It's like my QNAP is talking to other QNAPs for whatever reason.
It would be good to get an official comment from QNAP as to what triggered this in the first place as most QNAP owners have reported that they are not running any IPFS nodes so their NAS had no reason to do a DNS lookup to ipfs.adatools.io.