Buffalo Forums

Products => Storage => Topic started by: imouti on November 02, 2009, 09:45:13 PM

Title: LS-XHL Hacked
Post by: imouti on November 02, 2009, 09:45:13 PM
   

I have an LS-XHL. A network alert was triggered indicating that the drive was seeding large amounts of data, although web access, FTP, media server, torrent server, etc. are disabled, but my router is showing that 5 mb/s is being downloaded from the drive from outside my network.  Are there any logs I can view to determine what/who is connected to my drive or what IP is pulling data off of it from within the NAS drive?  Has anyone hacked into one of these NAS drives? How secure are these drives? This is undoubtedly an intruder; once I power off the drive all outbound data traffic ceases.

 

I was also able to track the IP address connected to my drive through my router:

IP address: 195.28.89.250
This is a: Slovakia IP address

195.28.89.250 converted to decimal and hex:

IP decimal: 3273415162
IP hex: c31c59fa

Title: Re: LS-XHL Hacked
Post by: Colin137 on November 02, 2009, 11:03:26 PM

Are you sure web access is disabled? I see from your previous posts that you at least were using it at one time. If any folders are set to "allow anonymous", this could explain it.

 

Which source and destination port numbers were the inbound and outbound traffic using?

 

These devices are very secure, and if your firewall is good, that makes it even more secure. In the unlikely scenario that it was indeed hacked, a forced firmware update should resolve the issue.

Title: Re: LS-XHL Hacked
Post by: imouti on November 03, 2009, 12:36:56 AM
   

Well, I was using the web access earlier, but it was only set up for me, and anonymous was disabled.  Once I noticed the outgoing data, I disabled web access, and the data kept flowing.  The weird thing is that when I rebooted the drive, after it boots up it starts sending massive amounts of data on its own to the same IP address after every reboot, and all services are disabled on it. I even blocked all ports on my router, although UPnP is enabled. Is it possible that someone found an exploit and executed their code on my drive?  Also, will a forced firmware update (I am running the latest version) wipe anything on the drive? It's an AES encrypted music backup along with some movies, so no biggie, just a large amount of data.  Also, is there any way I can submit something from the drive so that Buffalo can check to see if it's been exploited?  I'd be happy to submit the drive for further investigation.  I will also attempt to obtain the port that the connection occurred on and will repost once available.  Additionally, I'm running a Linksys with DD-WRT, so it's a NAT with packet inspection, intrusion detection w/alerts/logging.  Please let me know what you suggest.  I appreciate your assistance.

Title: Re: LS-XHL Hacked
Post by: imouti on November 03, 2009, 08:05:02 AM
   

My only concern about the forced firmware update is that if there is a vulnerability within the drive, someone would simply be able to exploit that vulnerability again.  Have any vulnerabilities been discovered within the latest firmware, and if so are any patches planned? Also, my logs indicate that the connection to the NAS occurred on port 80.  Even when web access was enabled I was using port 8050.  Something is definitely fishy.

Title: Re: LS-XHL Hacked
Post by: Colin137 on November 03, 2009, 02:45:22 PM

Fair enough. PM me your phone number so I can call you to set up an RMA. I'm very curious about this too. Please don't reset or change any further configurations on the device, in case that fixes the problem. I want to see exactly what's going on with this device.
