As you may have read, yesterday I commissioned my RAID1 NAS and it's working great. Very, very slick and a number of the features have brought a smile to my face! I actually got to bed at 3:00am as I couldn't stop playing, ahem.

Browsing the log file just now however I found that for 30 minutes not long after I went to bed it was subjected every two seconds to a brute force FTP attack:

2009/10/07 04:05:32 [admin] FAIL LOGIN: Client "60.217.229.222"

Google revealed the I.P. address to likely be in China and that it has been blacklisted by some ISPs for exactly what caused me to research it.

I'm not an I.T. numpty but I certainly don't know it "all", so my question is "How was my NAS found?". I could understand my firewall repelling an intruder since it's knowingly exposed to the outside world but the fact that the NAS log shows the attack implies the firewall was breached.

I'm running a BT HomeHub with (checked and confirmed just now) default firewall and the only intentional way to reach my NAS from the outside world is via the secure MioNet web-based remote access account that I have created. If that's the weakness it gets deactivated right away; I have chosen a long and meaningless username and password but if that's breached I can't imagine it's rocket science to trawl even the "unshared" parts of my network.


TVM,
XV