CommandInjection.Gen.3 and CommandInjection.Gen.112 exploit attacks today

titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Post by titanrx8 »

I have 2 x F2-221 on my network. Neither has been enabled for access outside of the LAN. The second server is used only as an rsync destination for the first server. It has no apps installed beyond the TOS basics that were loaded along with the installation of 4.2.14.

This afternoon, my router firewall detected several attempts to use an exploit attack (CommandInjection.Gen.3 and CommandInjection.Gen.112) on the rsync server. The firewall rejected the attempts and there are no TOS log entries that would indicate that any attempts had succeeded.

I have 2 questions:

1. How would the IP address of my TOS server be known anywhere while it has never accessed the internet except for the initial installation of TOS?

2. What firewall settings should be set in TOS to prevent any external access in the event that something got past the router firewall?

Thank you.
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: CommandInjection.Gen.3 and CommandInjection.Gen.112 exploit attacks today

Post by TMSupport »

1. You can use TNAS PC to search for the IP address, and then access it.
2. You can create a firewall rule that rejects some unused ports.
To contact our team, please send an email to the following addresses; remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
deejc
Posts: 111
Joined: 09 Mar 2021, 03:35

Re: CommandInjection.Gen.3 and CommandInjection.Gen.112 exploit attacks today

Post by deejc »

UPnP enabled and mapping ports?
F2-220 WITH 2 x WD RED 2TB RUNNING 4.2.17
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Re: CommandInjection.Gen.3 and CommandInjection.Gen.112 exploit attacks today

Post by titanrx8 »

deejc wrote: 13 Aug 2021, 03:13 UPnP enabled and mapping ports?
UPnP was enabled, but it was also enabled on my other TOS system on the same subnet, which was not targeted. They're disabled now (UPnP really wasn't working anyway. Anything that needs to get to the servers over the LAN has the access required already).

I suspect that the remote SSH app that I used on my tablet might have leaked the IP. It was the only app that had the TOS server address.

It's just a bit worrisome because the same day that the exploits were happening, the QNAP and Synology hacks were in the news.