CommandInjection.Gen.3 and CommandInjection.Gen.112 exploit attacks today
Posted: 12 Aug 2021, 05:43
I have 2 x f2-221 on my network. Neither has been enabled for access outside of the LAN. The second server is used only for an rsync destination of the first server. It has no apps installed beyond the TOS basics that were loaded along with the installation of 4.2.14
This afternoon, my router firewall detected several attempts to use an exploit attack (CommandInjection.Gen.3 and
CommandInjection.Gen.112) on the rsync server. The firewall rejected the attempts and there are no TOS log entries showing that would indicate that any attempts had succeeded.
I have 2 questions:
1. How would the IP address of my TOS server be known anywhere while it has never accessed the internet except for the initial installation of TOS?
2. What firewall settings should be set in TOS to prevent any external access in the event that something got past the router firewall?
Thank you.
This afternoon, my router firewall detected several attempts to use an exploit attack (CommandInjection.Gen.3 and
CommandInjection.Gen.112) on the rsync server. The firewall rejected the attempts and there are no TOS log entries showing that would indicate that any attempts had succeeded.
I have 2 questions:
1. How would the IP address of my TOS server be known anywhere while it has never accessed the internet except for the initial installation of TOS?
2. What firewall settings should be set in TOS to prevent any external access in the event that something got past the router firewall?
Thank you.