Page 1 of 1

Firewall and Security Vulnerabilities in TOS

Posted: 04 Apr 2022, 01:31
by titanrx8
I installed a hardware based firewall on my LAN when I started to see the QNAP cryptos and lockers in the news. It wasn't long until TNAS was targeted as well. I keep my TOS machines completely locked from internet access except for occasional brief app updates.

My firewall usually blocks 1000 or more outbound flows from each TOS machine every 12 hours. Today, I temporarily opened the access to one of the TOS units for an update. Within 1 minute, TOS was attempting to connect to "members.3322.org". This domain has an untrusted web reputation with Cisco Talos.

Recommend adding a firewall rule to all of your TOS systems to prevent communication with this domain.

PS: this isn't the only untrusted site that TOS attempts to contact. I'll compile a list of others.

Re: Firewall and Security Vulnerabilities in TOS

Posted: 04 Apr 2022, 13:44
by TMroy
Thank you for your report.
the members.3322.org is the default DNS request in TOS, we will report to the tech team, and ask them to recheck the security of these default DNS request services.