Check Router LOGS Your QNAP Might Be Vulnerable (See Exmp).

RoTalk
Starting out
Posts: 20
Joined: Wed Mar 26, 2014 4:02 am
Model: TS-x20

Check Router LOGS Your QNAP Might Be Vulnerable (See Exmp).

Postby RoTalk » Tue Dec 09, 2014 3:25 pm

I have an older TS-220 QNAP, it was kept updated and installed firmware before you get the prompt from the GUI, I do frequent
the forums and download firmware before it becomes official. I also had/have the NAS to only accept connection from LAN and
1 VPN connection from outside, changed SSH Port from default and so, even downloaded the app for malware scan and was covered
when the HeartBleed or Poodle came around.

My concern and question is why is the QNAP trying to connect to the following IPs (listed below). I immediately removed the QNAP
from the network that had internet access and isolated it on a LAN/Sandbox to where I can investigate further or do some
packet analysis and see exactly what is going on and if there is any data being sent in or out.

It is very chilling and makes you wonder when you see locations like China, Russia and Virginia, and I forgot Korea.


DESTINATION IP   ----   PORT   ----   COMP/ISP   ----   LOC/COUNTRY
123.51.51.75   ----   62348   ----   TELCOINABOX-AU   ----   AUSTRALIA
190.22.11.224   ----   54409   ----   TELEFONICA CHILE, SA   ----   CHILE/SANTIAGO
110.118.139.224   ----   5125   ----   China TieTong Telecommunications Corporation   ----   CHINA
122.226.84.253   ----   10240   ----   Jinhua Meidiya Netware Science Co.,ltd   ----   CHINA
220.181.111.147   ----   www   ----   CHINANET BEIJING PRO/CHINA TELECOM   ----   CHINA/BEIJING
175.31.205.5   ----   6881   ----   CHINANET JILIN PROVINCE   ----   CHINA/CHANGCHUN
222.179.19.130   ----   7706   ----   CHINANET CHONGQING P...   ----   CHINA/CHONGQING
42.236.177.43   ----   3811   ----   CHINA UNICOM HENAN P...   ----   CHINA/HENAN/ZHENGZHOU
211.149.146.109   ----   20001   ----   CHENGDU WEST DIMENSI...   ----   CHINA/SICHUAN/CHENGDU
219.234.3.134   ----   20001   ----   CHENGDU WEST DIMENSI...   ----   CHINA/SICHUAN/CHENGDU
61.188.37.216   ----   10240   ----   CHINANET SICHUAN PRO   ----   CHINA/SICHUAN/CHENGDU
61.188.37.216   ----   8000   ----   CHINANET SICHUAN PRO   ----   CHINA/SICHUAN/CHENGDU
78.215.209.151   ----   29154   ----   FREE SAS   ----   FRANCE/PAYS DE LA LOIRE/ANGERS
148.251.136.208   ----   46117   ----   HETZNER ONLINE AG   ----   GERMANY
46.137.188.54   ----   10240   ----   AMAZON WEB   ----   IRELAND/DUBLIN
46.137.188.54   ----   www   ----   AMAZON WEB   ----   IRELAND/DUBLIN
106.185.46.202   ----   20001   ----   Linode, LLC   ----   JAPAN
126.123.97.86   ----   54313   ----   Japan Nation-wide Network of Softbank BB Corp.   ----   JAPAN
42.124.72.22   ----   19573   ----   TOKAI COMMUNICATIONS...   ----   JAPAN/SHIZUOKA
175.41.238.100   ----   21047   ----   AMAZON WEB   ----   JAPAN/TOKYO
222.118.203.224   ----   12952   ----   KOREA TELECOM   ----   KOREA/SEOUL-T'UKPYOLSI
84.234.183.252   ----   13543   ----   LYSE TELE RESIDENTIA...   ----   NORWAY/ROGALAND/STAVANGER
79.169.150.203   ----   11332   ----   TVCABO PORTUGAL S.A.   ----   PORTUGAL/LIBOA/LISBON
66.87.140.165   ----   12137   ----   SPRINT NEXTEL CORP.   ----   PUERTO RICO/BAYAMON
79.112.212.62   ----   53891   ----   RCS/RDS ROMANIAN RESIDENTIAL   ----   ROMANIA/BUCHAREST
188.65.104.109   ----   48844   ----   LIMITED LIAB. CO   ----   RUSSIA/MOSCOW CITY
93.123.160.188   ----   19896   ----   OJSC INFOLINK TECHNOLOGY   ----   RUSSIA/MOSCOW CITY
78.81.245.47   ----   46201   ----   NOVGOROD DATACOM   ----   RUSSIA/NOVGOROD/VELIKIY NOVGOROD
212.232.59.149   ----   52032   ----   YARNET LTD   ----   RUSSIA/YAROSLAVL
122.248.234.207   ----   10240   ----   AMAZON-EC2-SG   ----   SINGAPORE
114.25.109.63   ----   9180   ----   HINET-NET/DATA CO. BUSS. GROUP   ----   TAIPEI, TAIWAN
176.58.96.231   ----   20001   ----   Linode, LLC   ----   UK/ENGLAND
92.40.249.118   ----   60127   ----   HUTCHISON 3G UK LIMITED   ----   UK/ENGLAND/WYTHENSHAWE
209.141.218.61   ----   44316   ----   THE LITE PLANT COMMISSION    ----   USA/AURORA/CO
66.161.11.64   ----   www   ----   LINKSYS   ----   USA/CA/IRVINE
74.207.241.132   ----   20001   ----   Linode, LLC   ----   USA/CALIFORNIA/FREMONT
142.196.133.106   ----   45682   ----   BRIGHT HOUSE NETWORKS, LLC   ----   USA/FLORIDA
74.125.31.105   ----   www   ----   GOOGLE INC.   ----   USA/GEORGIA/ATLANTA
74.125.31.99   ----   www   ----   GOOGLE INC.   ----   USA/GEORGIA/ATLANTA
24.118.158.201   ----   44838   ----   COMCAST CABLE   ----   USA/MINNESOTA/WEBSTER
54.164.143.118   ----   https   ----   MERCK AND CO INC.   ----   USA/NEW JERSEY/WOODBRIDGE
140.211.169.161   ----   www   ----   NERONET / OREGON   ----   USA/OREGON
216.146.43.70   ----   www   ----   DYNAMICS NET. SERVICES   ----   USA/TEXAS/CORPUS CRISTI
50.19.254.134   ----   10240   ----   AMAZON WEB   ----   USA/VIRGINIA/ASHBURN
50.19.254.134   ----   https   ----   AMAZON WEB   ----   USA/VIRGINIA/ASHBURN
54.205.33.168   ----   www   ----   AMAZON WEB   ----   USA/VIRGINIA/ASHBURN
54.210.85.151   ----   https   ----   AMAZON WEB   ----   USA/VIRGINIA/ASHBURN
174.103.211.116   ----   16320   ----   TIME WARNER   ----   USA/WISCONSIN
14.167.12.165   ----   15122   ----   VietNam Post and Telecom Corporation   ----   VIETNAM


schumaku
Guru
Posts: 41814
Joined: Mon Jan 21, 2008 4:41 pm
Model: TS-x79U
Location: Kloten (Zurich), Switzerland -- Skype: schumaku

Re: Check Router LOGS Your QNAP Might Be Vulnerable (See Exmp)

Postby schumaku » Wed Dec 10, 2014 1:52 am

One day all router vendors understand that logs with ports and IP address are rather useless....

Most likely - as usual - you have the Download Station enabled on your NAS. And as it's stateless UDP traffic it's hard to distinguish if the connection was established from the LAN or from the wild Internet.

pwilson
Guru
Posts: 22589
Joined: Fri Mar 06, 2009 11:20 am
Model: TS-x70 Pro
Location: Victoria, BC, Canada (UTC-08:00)

Re: Check Router LOGS Your QNAP Might Be Vulnerable (See Exmp)

Postby pwilson » Wed Dec 10, 2014 3:41 am

schumaku wrote: One day all router vendors understand that logs with ports and IP address are rather useless....

Most likely - as usual - you have the Download Station enabled on your NAS. And as it's stateless UDP traffic it's hard to distinguish if the connection was established from the LAN or from the wild Internet.


Indeed. If his Router protects him as well as it logs it he will have pretty serious issues indeed. That Log output is completely useless for troubleshooting purposes. Like you, I too would suspect Download Station or some other Torrent client is enabled on the NAS.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)

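An added example, not written by any poster in this thread: a small Python triage of the log format from the first post, grouping destinations by port to see how much of the list fits the torrent-client explanation given in the replies. The bucket names and the choice of sample rows are assumptions made here; as the replies point out, the log carries no direction or protocol, so this narrows the question rather than settling it.

```python
from collections import defaultdict

# Rows copied from the first post's table, in its "----"-separated format.
SAMPLE_LOG = """\
DESTINATION IP   ----   PORT   ----   COMP/ISP   ----   LOC/COUNTRY
175.31.205.5   ----   6881   ----   CHINANET JILIN PROVINCE   ----   CHINA/CHANGCHUN
61.188.37.216   ----   10240   ----   CHINANET SICHUAN PRO   ----   CHINA/SICHUAN/CHENGDU
46.137.188.54   ----   10240   ----   AMAZON WEB   ----   IRELAND/DUBLIN
46.137.188.54   ----   www   ----   AMAZON WEB   ----   IRELAND/DUBLIN
106.185.46.202   ----   20001   ----   Linode, LLC   ----   JAPAN
176.58.96.231   ----   20001   ----   Linode, LLC   ----   UK/ENGLAND
54.210.85.151   ----   https   ----   AMAZON WEB   ----   USA/VIRGINIA/ASHBURN
79.112.212.62   ----   53891   ----   RCS/RDS ROMANIAN RESIDENTIAL   ----   ROMANIA/BUCHAREST
24.118.158.201   ----   44838   ----   COMCAST CABLE   ----   USA/MINNESOTA/WEBSTER
"""

BITTORRENT_PORTS = range(6881, 6890)  # conventional BitTorrent listening range


def parse_rows(text):
    """Split each line on the '----' separator; skip the header and malformed lines."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("----")]
        if len(fields) != 4 or fields[0].upper().startswith("DESTINATION"):
            continue
        rows.append(dict(zip(("ip", "port", "isp", "loc"), fields)))
    return rows


def triage(rows):
    """Bucket destinations by what the port column alone can tell us."""
    hosts_per_port = defaultdict(set)
    for r in rows:
        hosts_per_port[r["port"]].add(r["ip"])
    buckets = defaultdict(list)
    for r in rows:
        port = r["port"]
        if not port.isdigit() or int(port) < 1024:
            key = "named_service"        # shown by name in the log: www, https
        elif int(port) in BITTORRENT_PORTS:
            key = "bittorrent_default"
        elif len(hosts_per_port[port]) > 1:
            key = "shared_port"          # same port on several hosts: likely one service
        else:
            key = "one_off_high_port"    # consistent with peer-to-peer traffic
        buckets[key].append((r["ip"], port))
    return dict(buckets)
```

Feeding the full table through `triage(parse_rows(...))` shows which destinations still need explaining once the named services and the one-off high ports are set aside.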
