Firewall and Security Vulnerabilities in TOS

IPv4/6, Port, VPN, proxy, SSH, remote access and more.
Locked
User avatar
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Firewall and Security Vulnerabilities in TOS

Post by titanrx8 »

I installed a hardware based firewall on my LAN when I started to see the QNAP cryptos and lockers in the news. It wasn't long until TNAS was targeted as well. I keep my TOS machines completely locked from internet access except for occasional brief app updates.

My firewall usually blocks 1000 or more outbound flows from each TOS machine every 12 hours. Today, I temporarily opened the access to one of the TOS units for an update. Within 1 minute, TOS was attempting to connect to "members.3322.org". This domain has an untrusted web reputation with Cisco Talos.

Recommend adding a firewall rule to all of your TOS systems to prevent communication with this domain.

PS: this isn't the only untrusted site that TOS attempts to contact. I'll compile a list of others.
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Firewall and Security Vulnerabilities in TOS

Post by TMroy »

Thank you for your report.
the members.3322.org is the default DNS request in TOS, we will report to the tech team, and ask them to recheck the security of these default DNS request services.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Locked