Login attempts from an unusual IP

Follow

Russell Vaught

• December 01, 2025 17:44

My Synology NAS reported repeated attempts to log in using SSH. None were successful since I use very long and random passwords on this device, which is isolated by my Firewalla Gold Pro on a separate LAN. The hacker had a "Private IP" so I have no idea where the attack was coming from. I have blocked SSH to this device and I have seen no more attempts. I have attached the report for one of the about 100 attempts. 

Can a rule be created to block any incoming traffic that lacks an IP address?

0

• 

  Firewalla

  • December 01, 2025 18:08

  Are you running a firewalla vulnerability scan? 

  0

  Comment actions Permalink
• 

  Russell Vaught

  • December 01, 2025 21:41
  • Edited

  Yes. There were 114 unsuccessful attempts to login. Since I blocked SSH, I have not seen new probes. They switched to FTP

   

  0

  Comment actions Permalink
• 

  Firewalla

  • December 01, 2025 23:20

  Vulnerability scans will attempt to try default passwords and many other things. So, what you see is "normal" operations from the firewalla 

  0

  Comment actions Permalink
• 

  Russell Vaught

  • December 03, 2025 20:48
  • Edited

  I blocked all ports on LAN 2 except 5000 and 5001. I route all incoming web traffic to LAN 2. I also changed the DNS name. No more hits. I have a back door on LAN 1 to control the NAS and update software. 

  0

  Comment actions Permalink
• 

  Firewalla

  • December 04, 2025 04:20
  • Edited

  You just need to skip the device when volunerability scan is running. (picking the scan scope) https://help.firewalla.com/hc/en-us/articles/115004274513-Firewalla-Feature-Guide-Scan#h_01HTZXFV73HTYH26S1JZVDC00P

  0

  Comment actions Permalink

Please sign in to leave a comment.