Hello combs
Yesterday I noticed that if I switch off the Internet Box 3 and restart it, the VPN settings are gone. Is that normal? A restart every now and then is supposed to be useful, but that’s a bit annoying when the settings are gone.
VPN is then deactivated in the settings.
Greetings
Mogwai
I have to check the FW version this evening.
What may play a role: I restarted the box because the internet connection suddenly disappeared yesterday. After the restart it worked again, but when I went to the customer portal this morning I got the message that the internet had been deactivated for security reasons (hacker attack??).
I had this happen almost 2 months ago and hackers got through to my NAS… I looked stupid and locked my NAS first.
I don’t think the IB was hacked. There may be attacks on the Anschluss and devices accessible from the Internet. Swisscom then blocks the Anschluss if the system detects such attacks.
First, deactivate the “UPNP” item under port forwarding in the router. This should soon become standard.
Then look for a more secure variant of access from the network for the NAS. QNAP, for example, has its own cloud service. It’s more complicated, but much safer than putting it openly online.
Then select long PW and choose 2FA at least for the admin accounts. Of course, keep the NAS up-to-date. Unfortunately, it doesn’t help if there are security gaps that haven’t been fixed yet. QNAP, among others, was severely affected.
And as always, if you open a door in the router from the home network to the Internet, then the door is open in both directions, otherwise it won’t work. No firewall in the world offers protection against this.
Hi,
I had this almost 2 months ago and hackers got through to my NAS… I looked stupid and locked my NAS first.
What measures have you taken exactly? If a hacker has taken over your NAS, there’s a chance they’ve set up a backdoor there that persists even after you disable port forwarding, etc.
4b 65 69 6e 65 20 4d 61 63 68 74 20 64 65 72 20 6c 65 67 61 63 79 20 49 50 21
So, I’m sitting at the laptop again and just switched off the IB, this time the VPN stayed on…
FW version is 13.20.26/13.20.18/01923
To be on the safe side, I changed the box’s password, even though it was a long one, but the box always asked me to change it when I logged in.
NAS is a Synology DS1819+
Pretty sure only the NAS was cracked… password was too weak. NAS was then encrypted, PC was not.
I disabled port forwarding on the IB. I now only access the NAS via the Internet via the VPN.
I don’t remember what I did back then, I asked Aunt Google and then changed a few things (such as installing the AV program). By the way, the latter occurred during a system scan:
But could it also be a false alarm?
If your NAS has actually been hacked, there is actually only one safe countermeasure:
Immediately remove it from the network, re-format the hard drive to a low level and set up the device from scratch with a clean install; anything else is just window dressing and involves too much risk.
The most important protection for the Internet box itself is that its web GUI is generally blocked from access from the Internet.
I.e. unlike your Syno, which is negligently exposed directly to the Internet for security reasons, you can only attack an IB from the internal network and to do this you first need a process that establishes itself in the internal network and then with a password finder program tries to crack the web GUI from the inside, which would be significantly more complicated than if someone wanted to encrypt your Syno data directly from the Internet, because remote access is possible directly if you do so left the wrong port open.
In general, my recommendation would be to always only allow NAS access via a VPN connection and of course to always set Syno’s own user management and firewall to a high security level.
The same applies to the login procedure on Syno, where you should always activate the additional 2FA method.
Hobby-Nerd ohne wirtschaftliche Abhängigkeiten zur Swisscom
@Mogwai72 I would install the Malwarebytes program on your PC and do a scan. The program is free for such cases. And I think that the malware found is already real.
Swisscom has proactively increased the requirements for Internet box passwords. Yours was probably not yet in line with the requirements, which is why you were asked to change it. However, I still don’t believe that your IB was hacked.
UPNP is/was actually an idea in the networking world to make networking more convenient. So you set up the option on the NAS to access it from outside and the NAS then told the router that it needed all requests to port xy and that was ok. If UPNP didn’t exist, you would have had to set it up manually on the router. Since many users would be overwhelmed by this, everything should be simple.
However, it has been shown that NAS and other devices are unfortunately not as secure as one would like. So the recommendation today is not to activate UPNP and to more or less ask the user to think more about what they are actually doing. That’s just the way it is, convenience and security don’t always go hand in hand.
@Werner has already written something about the NAS and I would take a look at the Synology website to see what they specifically recommend after such an attack.
I would like to access the NAS from a second home via the Internet with Win10. From what I’ve read, the two networks don’t have the same IP range, so I’m going to change the second home’s from 192.168.1.1 to another one. But that probably won’t be the final solution. I also heard rumors that I have to enter the IP of the IB 3 somewhere in the VPN settings, but I haven’t found anything where I could do that.
Hi @Mogwai72
From what I’ve read, the two networks don’t have the same IP range, so I’m going to change the second home’s from 192.168.1.1 to another one.
This is correct (otherwise your PC does not know whether the data has to go through the tunnel or not).
I also heard rumors that I have to enter the IP of the IB 3 somewhere in the VPN settings, but I haven’t found anything where I could do that.
It’s best to follow this instructions. You must perform these steps on the Internet box at your main location. Regarding IP: The easiest way is to use DynDNS activate - then you don’t always have to enter the current IP on the client.
4b 65 69 6e 65 20 4d 61 63 68 74 20 64 65 72 20 6c 65 67 61 63 79 20 49 50 21
@Mogwai72 here are the settings for changing the IP address for your router:
Don’t forget!!! Click on the “Spokes” button at the bottom right
Here is a small wiki regarding private network areas: https://de.wikipedia.org/wiki/Private_IP-Address
Hi,
How exactly do you connect to the NAS? Can you reach the web interface via the fixed IP? (http://192.168.1.xx:5000) Does the fixed IP respond to pings?
4b 65 69 6e 65 20 4d 61 63 68 74 20 64 65 72 20 6c 65 67 61 63 79 20 49 50 21
4b 65 69 6e 65 20 4d 61 63 68 74 20 64 65 72 20 6c 65 67 61 63 79 20 49 50 21
