How come? - FTP brute force attack


Old 14th October 2009 | 19:18
  #61 (permalink)  
15 Anniversary
 
Joined: Jan 2008
Posts: 1,133
Likes: 0
From: Bracknell, Berks, UK
but I feel I should state here that the chances of you owning or being able to buy a "hub" in 2009 are very, very slim.
But not that slim. Guess who happens to have a bunch of boxed 8-port 10 mbit/s hubs in the office
Mike-Bracknell is offline  
Reply
Old 15th October 2009 | 09:15
  #62 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Hello XV105,

I see SD got there first. I'll add a little bit more....

(1) Ref 224.0.0.22 / 224.0.0.251 / 239.255.255.250 / 235.1.1.1

These are "special use" addresses that have no place on the internet, in internet terms they are known as "bogons" because they should not be routed by any ISP. In fact, best practice recommends to block the following ranges (amongst others, see link....) unless you've got a specific use for them :

223.0.0.0/8 (i.e. 223.0.0.0 to 223.255.255.255 - inclusive)
224.0.0.0/3 (i.e. 224.0.0.0 to 255.255.255.255 - inclusive)

There is a handy website known as "Team Cymru" (no relation whatsoever to that part of the UK) which gives a list of current "bogons" that you should be blocking .... go here ... The Bogon Reference - Team Cymru scroll down to "1. HTTP Bogon References" and open, I would suggest, "The Text Bogon List, Aggregated".

All the addresses listed on the TC website are addresses that should essentially be never seen from the internet (i.e. you should never receive traffic from those IPs) and should never be leaked out onto the internet (i.e. you should not send traffic to the internet from those IPs without appropriate measures in place, e.g. NAT).

(2) Ref 198.107.148.254

Sounds like you've tracked this one down.

(3)

WD have acknowledged a bug in response to a support case that I logged whereby it is impossible to fully disable the MioNet service on the NAS. It restarts by itself every half an hour and when the server is booted even if the "do not start MioNet" flag was selected before shutdown
I'm sure it's easily doable through the Linux command line.... "restarts by itself every half hour" sounds suspiciously like a crontab entry !
mixture is offline  
Reply
Old 15th October 2009 | 09:18
  #63 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Mike,

But not that slim. Guess who happens to have a bunch of boxed 8-port 10 mbit/s hubs in the office
Which one of the following are you ?

mixture is offline  
Reply
Old 15th October 2009 | 09:40
  #64 (permalink)  
Administrator
 
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
If the multicast addresses were simply seen on the LAN, that is probably quite normal, if there are devices that rely on various IGMP messages for network discovery / management. It's quite possible that the NAS and mionet does this.

As mixture says, these addresses should not be routed to or from the internet (all firewalls should block these by default).

SD
Saab Dastard is offline  
Reply
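Added example, not part of any post in this thread: a short Python check combining the two points made in posts #62 and #64, that bogon addresses must not appear on the internet-facing side in either direction while multicast on the LAN is normal. The interface names `wan0`/`lan0`, the record layout and the sample data are assumptions constructed for illustration; the two prefixes are the ones quoted in post #62 in 2009, so load a current list for real use.

```python
import ipaddress

# Constructed sample in a one-prefix-per-line text layout. The prefixes are
# the two quoted in post #62 (2009); allocations change, so this is not a
# current bogon list.
SAMPLE_BOGON_TEXT = """\
# constructed sample, not a current bogon list
223.0.0.0/8
224.0.0.0/3
"""

def parse_bogon_list(text):
    """Parse CIDR prefixes, skipping blank lines and # comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def is_bogon(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def audit(records, nets, wan_iface="wan0"):
    """records: (iface, src, dst) tuples. Report bogons on the WAN side only."""
    findings = []
    for iface, src, dst in records:
        if iface != wan_iface:
            continue  # multicast discovery traffic staying on the LAN is expected
        if is_bogon(src, nets):
            findings.append((src, dst, "bogon source on WAN"))
        elif is_bogon(dst, nets):
            findings.append((src, dst, "bogon destination on WAN"))
    return findings

# Constructed records. 203.0.113.7 is a documentation address standing in
# for the router's public IP; the other addresses are those named in the thread.
SAMPLE_RECORDS = [
    ("lan0", "192.168.1.20", "239.255.255.250"),  # LAN discovery, ignored
    ("lan0", "192.168.1.20", "224.0.0.251"),      # LAN multicast, ignored
    ("wan0", "235.1.1.1", "203.0.113.7"),         # bogon source arriving from WAN
    ("wan0", "203.0.113.7", "224.0.0.22"),        # multicast leaking out to WAN
    ("wan0", "198.107.148.254", "203.0.113.7"),   # ordinary unicast, not flagged
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORDS, parse_bogon_list(SAMPLE_BOGON_TEXT)):
        print(finding)
```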
Old 15th October 2009 | 09:54
  #65 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
all firewalls should block these by default
Just to be a little pedantic .... they probably won't block the allocatable bogons .. which have a tendency to be announced and used by less scrupulous individuals...

But most of the bogons yes, should be blocked....
mixture is offline  
Reply
Old 15th October 2009 | 10:29
  #66 (permalink)  
Administrator
 
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
Mixture, you're quite right about the allocatable bogons (and thanks for the link).

I was writing with the narrow thought of the particular multicast addresses XV had found.

SD
Saab Dastard is offline  
Reply
Old 15th October 2009 | 10:34
  #67 (permalink)  
15 Anniversary
 
Joined: Jan 2008
Posts: 1,133
Likes: 0
From: Bracknell, Berks, UK
Which one of the following are you ?
hehe, probably all three at any one time

Bizarrely, one of my IT-mates was giving tech support to the writer of that series last night. It seems he's a big Left 4 Dead fan
Mike-Bracknell is offline  
Reply
Old 15th October 2009 | 10:35
  #68 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
I was writing with the narrow thought of the particular multicast addresses XV had found.
Yes, sorry about that !

I'll try to leave you to it now, since he did ask for you in the first place !
mixture is offline  
Reply
Old 15th October 2009 | 10:51
  #69 (permalink)  
Thread Starter
20 Anniversary
 
Joined: Feb 2006
Posts: 594
Likes: 0
From: UK
mixture, SD, and M-B

Wow!
I'm actually kinda pleased that I had the problem that started this all off.
The thread is fascinating, and although far from being a computer numpty I have certainly learned much of practical benefit and enjoyed digging a little deeper into vast territories new.

Now to pluck up the courage to use Putty.exe (installed and a test login to the NAS worked) to put that bullet through MioNet.

It does make me wonder though about the majority of internet users who just about know how to plug their ADSL modem in or reboot it if the network crashes...


Cheers,
XV
The late XV105 is offline  
Reply
Old 15th October 2009 | 11:02
  #70 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
It does make me wonder though about the majority of internet users who just about know how to plug their ADSL modem in or reboot it if the network crashes...
X105,

You've hit the nail on the head there.

THAT is the absolute example of why the current IT industry has to change radically away from the box-shifting model. It's all about sell, sell, sell .... for example, to become a "Microsoft Gold Partner", it's 95% about how much Microsoft stuff you sell and 5% about trained staff and satisfied customers. The same for most other names out there, so I'm not just picking on Microsoft.

If home users were adequately educated and supported post-sales, particularly in relation to security many problems would be greatly reduced, if not almost eradicated ..... propagation of viruses, botnets and spam relays being one of them !

But even if they don't want to spend the money on post-sales hand-holding, many of the products out there could easily be more secure "out of the box" with minimal additional development cost to the manufacturer/developer.

Taking your example, WHY should uPNP be enabled by default ? It should have been your explicit choice to enable it once you had clicked "OK" to half a dozen popups telling you how bad it could be !

WHY should the default Windows account have administrator rights ? 99% of what you do on your PC does not need admin rights !

Anyway, I could rant all day , but I'll stop here ... since nobody with any significant influence in the IT industry cares anyway, as long as they get their fat salary at the end of the month and the company that employs them manages to snatch a few measly percent more market share from the nearest competitor !

Now to pluck up the courage to use Putty.exe
Feel free to come back and ask questions, I'm sure one of us will pluck up the courage to help you ! I'm sure you'll be fine though ! Just don't do the famous "rm -rf /" !
mixture is offline  
Reply
Old 15th October 2009 | 11:55
  #71 (permalink)  
Administrator
 
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
I'm assuming that the talk of putty (and rm -rf /) means that you have discovered that there's a linux / unix OS powering the NAS and that you are contemplating firing up a blowtorch to make "adjustments"?

Sounds like fun.

SD
Saab Dastard is offline  
Reply
Old 15th October 2009 | 12:12
  #72 (permalink)  
Thread Starter
20 Anniversary
 
Joined: Feb 2006
Posts: 594
Likes: 0
From: UK
SD:

I'm assuming that the talk of putty (and rm -rf /) means that you have discovered that there's a linux / unix OS powering the NAS and that you are contemplating firing up a blowtorch to make "adjustments"?
Yup
It's running BusyBox on Linux.

Having established what SSH is (something else learned as a result of the problem encountered) and how any command line hacking automatically invalidates the warranty I was amazed to then find "Enable SSH" as an option in the Admin console! Sure enough, duly enabled and using aforementioned Putty I connected first time using root/welc0me.

At this stage I simply want to do two things:

1) Change the root password!
2) Kill the MioNet service by removing the start command. A quick Google has revealed some possibilities on how to do this but I don't want to end up with a brick instead of a NAS so I'll "measure twice (or three times or four) and cut once".

mixture:

I couldn't agree more!
The late XV105 is offline  
Reply
Old 15th October 2009 | 14:54
  #73 (permalink)  
15 Anniversary
 
Joined: Jan 2008
Posts: 1,133
Likes: 0
From: Bracknell, Berks, UK
Incidentally, if the NAS is a ReadyNAS from Netgear, I have some very good links into that company and can deal with most issues.
Mike-Bracknell is offline  
Reply
Old 15th October 2009 | 23:12
  #74 (permalink)  
Thread Starter
20 Anniversary
 
Joined: Feb 2006
Posts: 594
Likes: 0
From: UK
Thanks for the offer, M-B, but whilst the Netgear ReadyNAS was one of the ranges I looked at, I ultimately purchased a WD MyBook World Edition II device.
The late XV105 is offline  
Reply
Old 20th October 2009 | 08:47
  #75 (permalink)  
 
Joined: Oct 2009
Posts: 2
Likes: 0
From: Malaysia
I've just read this whole thread from start to finish twice!

Some very useful and eye opening information in there, unlike XV105 I want / need to access a remote NAS and I want to transfer the data from that NAS to another NAS in our main office and I want to do that daily.

I was considering using MioNet because I have it bundled with both NAS devices, a Western Digital MyBook World 1TB and a Western Digital ShareSpace 4TB. The software is also capable of running scheduled FTP so I was thinking perfect, I could run it at night when the LANs aren't being used and everyone is tucked up in bed, except of course, our hacker mates.

The data on the remote NAS is not that critical and sending it over the internet does not pose any real security threat to our company but the NAS in the main office has or will have stuff on it that is confidential, I cannot risk exposing that data.

I'm still in a bit of a quandary to be honest and MioNet are doing their best to convince me that their system is safe and secure.

Hmmmm.

Anyway, just wanted to let you know that this thread has helped more than just XV105

Al.
Gwilo is offline  
Reply
Old 21st October 2009 | 13:11
  #76 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Gwilo,

Welcome to PPRuNe, I see you've made good use of your inaugural post !

Glad this thread has been of use to more than XV.

I shall leave you to your deliberations, but feel free to come back and ask questions in a new post if you're stuck.
mixture is offline  
Reply
Old 22nd October 2009 | 07:21
  #77 (permalink)  
 
Joined: Oct 2009
Posts: 2
Likes: 0
From: Malaysia
Hey Mixture, thanks very much...

I particularly liked this thread because XV made very clear and understandable posts and he came back and posted the solution, you don't get that very often, most people take the advice, fix the problem and then don't even bother thanking anyone, let alone confirming the solution and of course, this is very relevant to what I will soon be attempting to do.

And thanks for inviting me back if I get any problems, I'll be trying to execute my little project within the next couple of weeks, so I've bookmarked this thread
Gwilo is offline  
Reply
