Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Security Concern - Constant Rsync/VSFTP/SMBD Connection Attempts

Featured Replies

Every few hours, I see the following messages in my syslog:

 

Nov 24 09:36:59 ur1 rsync[6282]: connect from 192.168.2.1 (192.168.2.1)
Nov 24 09:36:59 ur1 vsftpd[6281]: connect from 192.168.2.1 (192.168.2.1)
Nov 24 09:36:59 ur1 rsyncd[6282]: forward name lookup for DreamMachine.localdomain failed: Name or service not known
Nov 24 09:36:59 ur1 rsyncd[6282]: connect from UNKNOWN (192.168.2.1)
Nov 24 09:37:10 ur1 smbd[6284]: [2021/11/24 09:37:10.442874,  0] ../../source3/smbd/process.c:341(read_packet_remainder)
Nov 24 09:37:10 ur1 smbd[6284]:   read_fd_with_timeout failed for client 192.168.2.1 read error = NT_STATUS_END_OF_FILE.
Nov 24 09:39:22 ur1 vsftpd[7804]: connect from 192.168.6.1 (192.168.6.1)
Nov 24 09:39:22 ur1 rsync[7805]: connect from 192.168.6.1 (192.168.6.1)
Nov 24 09:39:23 ur1 rsyncd[7805]: forward name lookup for DreamMachine.localdomain failed: Name or service not known
Nov 24 09:39:23 ur1 rsyncd[7805]: connect from UNKNOWN (192.168.6.1)
Nov 24 09:39:33 ur1 smbd[7807]: [2021/11/24 09:39:33.981382,  0] ../../source3/smbd/process.c:341(read_packet_remainder)
Nov 24 09:39:33 ur1 smbd[7807]:   read_fd_with_timeout failed for client 192.168.6.1 read error = NT_STATUS_END_OF_FILE.

 

192.168.2.1 is my LAN gateway IP.

192.168.6.1 is a VLAN gateway IP for the VLAN on my UniFi network that all my docker containers are isolated on. I have firewall rules that prevent communication from the docker VLAN to my LAN. I have WireGuard running on Unraid and setup a static route as well as allowed host communication with docker containers using custom networks as recommended in setup instructions.

 

Any ideas what is causing these constant connection attempts?

  • 4 weeks later...

I´m having the same question. I´m also seeing alot of the folloing in my log,

 

Dec 23 12:57:10 Tower smbd[11525]: read_fd_with_timeout failed for client 192.168.1.1 read error = NT_STATUS_END_OF_FILE.

Dec 23 12:57:10 Tower smbd[11526]: [2021/12/23 12:57:10.801300, 0] ../../source3/smbd/process.c:341(read_packet_remainder)

 

192.168.1.1 is my gateway. It´s a udm pro with threat management, traffic & device inspection enabled.

14 minutes ago, ZinE said:

It´s a udm pro with threat management, traffic & device inspection enabled.

If I had to guess, I'd say your UDM is "helpfully" attacking your server.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.