scubieman Posted December 10, 2018 Share Posted December 10, 2018 (edited) I happen to look in the unraid log. I found that someone from china is trying to telnet into my server? Edited December 11, 2018 by scubieman Quote Link to comment
NewDisplayName Posted December 10, 2018 Share Posted December 10, 2018 (edited) why? because every standard port gets every some seconds scanned. thats normal. Thats how worms and such spread. Thats also why you shouldnt face your unraid to the outside (at very least not with standard ports). unraid is not hardend to be reachable from the internet. Its intented for LAN. Security might be added at some point tho. Edited December 10, 2018 by nuhll Quote Link to comment
scubieman Posted December 10, 2018 Author Share Posted December 10, 2018 Thank you for quick respond. It appears i need to block telnet ports? 22, 23 ETC? As of now it should be locked down. I only have 1 port forwarded(plex). I have not set anything else through unraid to internet. Quote Link to comment
NewDisplayName Posted December 10, 2018 Share Posted December 10, 2018 normally you dont need to block anything, i guess your unraid machine is behind a router? this should stop anyting from reaching any pcs in your LAN, EXEPT you forward these ports to machines... Quote Link to comment
scubieman Posted December 10, 2018 Author Share Posted December 10, 2018 I appericate the help. Yes my unraid is behind a edgerouter x. So i hope that is enough of advanced to save me. Quote Link to comment
NewDisplayName Posted December 10, 2018 Share Posted December 10, 2018 But ure getting connections.. so this mus tbe forwarded to your unraid machine... Quote Link to comment
scubieman Posted December 10, 2018 Author Share Posted December 10, 2018 5 minutes ago, nuhll said: But ure getting connections.. so this mus tbe forwarded to your unraid machine... True, I killed all connections to unraid. Now even the apps tab doesnt work ha. I'm ok with that for now. Quote Link to comment
NewDisplayName Posted December 10, 2018 Share Posted December 10, 2018 1 minute ago, scubieman said: True, I killed all connections to unraid. Now even the apps tab doesnt work ha. I'm ok with that for now. So you removed that port forwarding in your router? Just to be sure. Quote Link to comment
scubieman Posted December 10, 2018 Author Share Posted December 10, 2018 Just now, nuhll said: So you removed that port forwarding in your router? Just to be sure. That was port 32400 used by plex. I set it so all traffic using that ip address will not leave my network. Short term solution. Trying to set up pfsense thinking of switching to that. However my dockers seem to reach the internet still. Not sure why or how Quote Link to comment
trurl Posted December 10, 2018 Share Posted December 10, 2018 Outgoing connections are normally allowed, and responses to those are allowed. Just think of web browsing, for example. What isn't allowed normally are unsolicited incoming connections. Quote Link to comment
scubieman Posted December 10, 2018 Author Share Posted December 10, 2018 1 minute ago, trurl said: Outgoing connections are normally allowed, and responses to those are allowed. Just think of web browsing, for example. What isn't allowed normally are unsolicited incoming connections. just like nuhll said. It should be blocked at the router before reaching the server right? Quote Link to comment
trurl Posted December 10, 2018 Share Posted December 10, 2018 2 minutes ago, scubieman said: just like nuhll said. It should be blocked at the router before reaching the server right? Yes unless you have opened some ports. Quote Link to comment
scubieman Posted December 10, 2018 Author Share Posted December 10, 2018 When I check ismyportopen.com I show all ports in the log are showing as closed. so not sure. Quote Link to comment
trurl Posted December 10, 2018 Share Posted December 10, 2018 Are you still getting telnet attempts? Quote Link to comment
scubieman Posted December 10, 2018 Author Share Posted December 10, 2018 1 hour ago, trurl said: Are you still getting telnet attempts? I sure am! last one was like ten seconds ago. Right now its 17:16 for time Quote Link to comment
itimpi Posted December 11, 2018 Share Posted December 11, 2018 Such requests should not be reaching your server if it is behind a router! You have not by any chance put the server into a DMZ zone on the router (as that means your are bypassing the routers protection against incoming connections from the internet)’/ Quote Link to comment
Hoopster Posted December 11, 2018 Share Posted December 11, 2018 1 hour ago, scubieman said: I sure am! last one was like ten seconds ago. Right now its 17:16 for time You are also getting ssh connection attempts. This usually only happens if you have open ports or have your server in the DMZ. Go to this site and click the Proceed button after doing a little reading. Then run the Common Ports and All Service Ports scans to see what is reported regarding port security. You want to see results like the following: Quote Link to comment
scubieman Posted December 11, 2018 Author Share Posted December 11, 2018 Such requests should not be reaching your server if it is behind a router! You have not by any chance put the server into a DMZ zone on the router (as that means your are bypassing the routers protection against incoming connections from the internet)’/I agree 100% . However I didn't change anything from my router after I set up unraid. Only thing is one port forwarding for Plex. I have no idea how to stop this. I guess it should be set by default to block all incoming. I may need to reach out to manfactor. Thinking switching to pfsense but at first glance it scares me lolSent from my Pixel 2 XL using Tapatalk Quote Link to comment
scubieman Posted December 11, 2018 Author Share Posted December 11, 2018 (edited) I ran it. I ran the 2 test you recommended and both came back success. 8 minutes ago, Hoopster said: You are also getting ssh connection attempts. This usually only happens if you have open ports or have your server in the DMZ. Go to this site and click the Proceed button after doing a little reading. Then run the Common Ports and All Service Ports scans to see what is reported regarding port security. You want to see results like the following: Sent from my Pixel 2 XL using Tapatalk Edited December 11, 2018 by scubieman Quote Link to comment
Hoopster Posted December 11, 2018 Share Posted December 11, 2018 4 hours ago, scubieman said: my unraid is behind a edgerouter x My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow? I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts. Quote Link to comment
scubieman Posted December 11, 2018 Author Share Posted December 11, 2018 (edited) 4 minutes ago, Hoopster said: My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow? I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts. I have openvpn installed on my ERX but its disabled as of now. I dont even have openVPN port forwarded. Only thing is plex. Maybe i should change plex IP then port forward to that for whatever reason Adding one more thing that is interesting.... Edited December 11, 2018 by scubieman Quote Link to comment
Hoopster Posted December 11, 2018 Share Posted December 11, 2018 18 minutes ago, scubieman said: I ran it. I ran the 2 test you recommended and both came back success. Sent from my Pixel 2 XL using Tapatalk You ran the UPnP probe. Did you also run the Port scans (highlighted in red)? The results should look like what I originally posted. Quote Link to comment
scubieman Posted December 11, 2018 Author Share Posted December 11, 2018 Sure did and came back passed.Sent from my Pixel 2 XL using Tapatalk Quote Link to comment
Hoopster Posted December 11, 2018 Share Posted December 11, 2018 6 minutes ago, scubieman said: Sure did and came back passed. Sent from my Pixel 2 XL using Tapatalk OK, just making sure. If your router passed the port scans it is very strange that you are getting ssh and telnet connection attempts. Somehow, your server is exposed. Quote Link to comment
scubieman Posted December 11, 2018 Author Share Posted December 11, 2018 Trying to use a wan_in rule to block all ports till i can hear from manf. I show lots being blocked! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.