December 10, 20187 yr I happen to look in the unraid log. I found that someone from china is trying to telnet into my server? Edited December 11, 20187 yr by scubieman
December 10, 20187 yr why? because every standard port gets every some seconds scanned. thats normal. Thats how worms and such spread. Thats also why you shouldnt face your unraid to the outside (at very least not with standard ports). unraid is not hardend to be reachable from the internet. Its intented for LAN. Security might be added at some point tho. Edited December 10, 20187 yr by nuhll
December 10, 20187 yr Author Thank you for quick respond. It appears i need to block telnet ports? 22, 23 ETC? As of now it should be locked down. I only have 1 port forwarded(plex). I have not set anything else through unraid to internet.
December 10, 20187 yr normally you dont need to block anything, i guess your unraid machine is behind a router? this should stop anyting from reaching any pcs in your LAN, EXEPT you forward these ports to machines...
December 10, 20187 yr Author I appericate the help. Yes my unraid is behind a edgerouter x. So i hope that is enough of advanced to save me.
December 10, 20187 yr But ure getting connections.. so this mus tbe forwarded to your unraid machine...
December 10, 20187 yr Author 5 minutes ago, nuhll said: But ure getting connections.. so this mus tbe forwarded to your unraid machine... True, I killed all connections to unraid. Now even the apps tab doesnt work ha. I'm ok with that for now.
December 10, 20187 yr 1 minute ago, scubieman said: True, I killed all connections to unraid. Now even the apps tab doesnt work ha. I'm ok with that for now. So you removed that port forwarding in your router? Just to be sure.
December 10, 20187 yr Author Just now, nuhll said: So you removed that port forwarding in your router? Just to be sure. That was port 32400 used by plex. I set it so all traffic using that ip address will not leave my network. Short term solution. Trying to set up pfsense thinking of switching to that. However my dockers seem to reach the internet still. Not sure why or how
December 10, 20187 yr Outgoing connections are normally allowed, and responses to those are allowed. Just think of web browsing, for example. What isn't allowed normally are unsolicited incoming connections.
December 10, 20187 yr Author 1 minute ago, trurl said: Outgoing connections are normally allowed, and responses to those are allowed. Just think of web browsing, for example. What isn't allowed normally are unsolicited incoming connections. just like nuhll said. It should be blocked at the router before reaching the server right?
December 10, 20187 yr 2 minutes ago, scubieman said: just like nuhll said. It should be blocked at the router before reaching the server right? Yes unless you have opened some ports.
December 10, 20187 yr Author When I check ismyportopen.com I show all ports in the log are showing as closed. so not sure.
December 10, 20187 yr Author 1 hour ago, trurl said: Are you still getting telnet attempts? I sure am! last one was like ten seconds ago. Right now its 17:16 for time
December 11, 20187 yr Such requests should not be reaching your server if it is behind a router! You have not by any chance put the server into a DMZ zone on the router (as that means your are bypassing the routers protection against incoming connections from the internet)’/
December 11, 20187 yr 1 hour ago, scubieman said: I sure am! last one was like ten seconds ago. Right now its 17:16 for time You are also getting ssh connection attempts. This usually only happens if you have open ports or have your server in the DMZ. Go to this site and click the Proceed button after doing a little reading. Then run the Common Ports and All Service Ports scans to see what is reported regarding port security. You want to see results like the following:
December 11, 20187 yr Author Such requests should not be reaching your server if it is behind a router! You have not by any chance put the server into a DMZ zone on the router (as that means your are bypassing the routers protection against incoming connections from the internet)’/I agree 100% . However I didn't change anything from my router after I set up unraid. Only thing is one port forwarding for Plex. I have no idea how to stop this. I guess it should be set by default to block all incoming. I may need to reach out to manfactor. Thinking switching to pfsense but at first glance it scares me lolSent from my Pixel 2 XL using Tapatalk
December 11, 20187 yr Author I ran it. I ran the 2 test you recommended and both came back success. 8 minutes ago, Hoopster said: You are also getting ssh connection attempts. This usually only happens if you have open ports or have your server in the DMZ. Go to this site and click the Proceed button after doing a little reading. Then run the Common Ports and All Service Ports scans to see what is reported regarding port security. You want to see results like the following: Sent from my Pixel 2 XL using Tapatalk Edited December 11, 20187 yr by scubieman
December 11, 20187 yr 4 hours ago, scubieman said: my unraid is behind a edgerouter x My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow? I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts.
December 11, 20187 yr Author 4 minutes ago, Hoopster said: My router is the Ubiquiti USG. I imagine the EdgeRouter X is very similar in its security functions. If you only have the Plex port forwarded, perhaps something changed in your router configuration that resulted in it being exposed to the Internet somehow? I have the Plex port as well as OpenVPN port forwarded on the USG, but, nothing else and I have never seen the telnet and ssh connection attempts you are seeing. Shields Up reports all my router ports are in stealth mode and refuse to acknowledge any connection attempts. I have openvpn installed on my ERX but its disabled as of now. I dont even have openVPN port forwarded. Only thing is plex. Maybe i should change plex IP then port forward to that for whatever reason Adding one more thing that is interesting.... Edited December 11, 20187 yr by scubieman
December 11, 20187 yr 18 minutes ago, scubieman said: I ran it. I ran the 2 test you recommended and both came back success. Sent from my Pixel 2 XL using Tapatalk You ran the UPnP probe. Did you also run the Port scans (highlighted in red)? The results should look like what I originally posted.
December 11, 20187 yr 6 minutes ago, scubieman said: Sure did and came back passed. Sent from my Pixel 2 XL using Tapatalk OK, just making sure. If your router passed the port scans it is very strange that you are getting ssh and telnet connection attempts. Somehow, your server is exposed.
December 11, 20187 yr Author Trying to use a wan_in rule to block all ports till i can hear from manf. I show lots being blocked!
Archived
This topic is now archived and is closed to further replies.