P3R wrote: ↑Sat Jan 29, 2022 7:59 am
> myQNAPcloud Link isn't the same as the myQNAPcloud DDNS service that you think it is. myQNAPcloud Link is cloud access to the Qnap so it's a completely different service with a different attack surface. It's better than direct exposure but it isn't what I would recommend either as it's Internet access to the NAS operated by Qnap.

I know. I said that because I seem to recall that myQNAPcloud DDNS requires myQNAPcloud, at least initially. And therefore I recommended you to use any other DDNS provider.
P3R wrote: ↑Sat Jan 29, 2022 7:59 am
> And that will be effective long-term because luckily the bad guys are too stupid to use a VPN-service and also absolutely will never have access to global botnets that would allow them to attack natively from any country they wanted? You're only buying time...

I would recommend that you re-read what I put. We are talking, again, about indiscriminate attacks that seek the greatest possible impact in the shortest time (before the entry vector is identified and patched). No one is going to spend even 1 minute trying to infect someone in particular, unless they are a specific target with name/surname looking for something specific. There is no hacker monitoring the millions of hosts they try to infect one by one. You just try to send to as many IPs as possible, sometimes to a specific company, an AS or even a country, but that's it.
It is not a question of whether the hackers use a proxy/VPN server to carry out the attacks, or even the botnets they use, it is a statistical case. More than 70% of exploit traffic originates from China and Russia. It doesn't matter if they do it from there by direct connections or using proxy servers/VPN/botnets from there. If we add to the list the USA, the Emirates and some other country on the periphery of Russia, we have more than 90%. That means unless you live in one of the more "evil" countries, you're reducing any risk massively. Moreover, even living in one of the most complicated countries, you would also be reducing the risk considerably.
P3R wrote: ↑Sat Jan 29, 2022 7:59 am
> It's too much money in this criminal industry as so many are willing to pay the ransom to stop here. The criminals will continue even when it means they have to use a little more effort to get that money. When there aren't thousands of users on port 443 any more (and at this rate they disappear by the hour when they become infected), the criminals will adapt. They will use bots that search for and build databases of targets using non-default ports.

No. Then you totally do not know how these attacks are carried out. Obviously they will be trying to attack the usual Web ports on each destination, they are not stupid, not just 8080. It is very likely that they are trying 8080/80/443, even 8081/8082. Yes, it's true, there are botnets that constantly scan destinations for ports and services, but excluding (again) targeted attacks, those scanners are essentially limited to known ports and little else. Again it is a matter of numbers. Which would you rather, let's say you put a botnet to work for an hour, discovering 100 different destinations with port 80 open or a single destination with 2 high unknown ports open? (times are just an example, I just want to illustrate why it's not done)
Precisely because the aim is to maximize economic profit, it is infinitely more lucrative to invest time in sending it to as many destinations as possible to a couple of ports, than to send the exploit to thousands of ports from the same address. Not to mention that most likely those that use ports by default are generally much more careless about security.
P3R wrote: ↑Sat Jan 29, 2022 7:59 am
> The difference between us is that you base your advice on what the criminals have done and do today. You still think that if you just hide a little you're safe. Qnap have tried to recommend that ostrich tactic as well...
>
> Me and several other oldtimers here have said that Qnap software isn't hardened enough to be directly exposed on the Internet since long before QSnatch (revealed late 2019 but started much earlier).
>
> Your advice will probably buy users some months, maybe a year. It will give them hope that they can continue what they're doing and in the end it will lead to even more victims when that bubble bursts as well. Ooops!

You're wrong. I have not said that a port change or a region lock makes you safe. I have said that it greatly reduces any possible risk, and that in the end, whatever we do, we are always assuming a risk, as a result of usability/services/features. Whether it's using a VPN, whether it's having the phone connected to the Internet, using a Web browser...
I will never tell anyone what they should do. We totally agree that if you don't take a car you can't have a car accident (leaving aside the joke that you can always get hit by one). There will be many for whom this is enough to never have a car, and there will be many others who will take the risk, I understand perfectly. On the other hand, of those who take the risk, some will not even know how to drive, others will be geniuses behind the wheel, others F1 drivers!! But everyone who takes the risk of having a car will not have to walk to places. Everyone decides.
P3R wrote: ↑Sat Jan 29, 2022 8:03 am
> Yes, all communication have risks but to call well established VPN technologies a risk in comparison to a directly exposed Qnap is absolutely ridiculous. That Qnap managed to even mess up a VPN-service shouldn't be seen as a problem with the underlying technology but again, with their implementation.

As always happens, 99% of the time it is a bug in the implementation, not in the protocol/system itself. You say that it is more dangerous to expose a port on the NAS than a VPN server? Well, that depends. If both have an exploit that allows access, in the first case you will have access only to the NAS, in the second case you will have (potential) access to the entire network. In fact, an exploit that affects a VPN server is sold on the black market infinitely more expensive than an exploit on a NAS. And better not even enter, as has been seen even in this same thread, that more than one uses PPTP.
It is highly contradictory to say that you can never trust A, which exposes a single device, but you can trust B, which potentially exposes the entire internal network. VPN accesses are by far the most delicate services out there, with which you have to be more careful, precisely because of the access they grant.