Security messaging
11/10/22 13:06 Filed in: Security
Today my Synology Disk Station started telling me that it was blocking someone who was trying to brute force my admin account. It is not going to work. My admin account is disabled and has been since before the device was internet accessible, and probably will not be re-enabled unless it is needed by Synology support.
The problem is that the disk station is telling me it is being attacked and blocking it.
Do I want to know about an attack with no chance of success? and that the device knows has no chance of success at the moment.
The problem is that the disk station is telling me it is being attacked and blocking it.
Do I want to know about an attack with no chance of success? and that the device knows has no chance of success at the moment.
The quandary
There are 2 sides to this:
- The boy who cried wolf; and,
- Possibly an early warning
The boy who cried wolf
There is actually nothing I can do with this information the account is disabled and other than deleting it I can't make the noise go away. The attack is distributed so I can't just block the IP address. It definitely falls under the annoyance category.
All I can hope is that they will give up when they run out of entries to try in their list … but those lists are long now
Possibly an early warning
It did make me investigate the issue and determine it wasn't a problem. If they had been hitting other accounts I would have at least known it. So some good came of the warning.
Conclusion
Probably, better safe than sorry, but Synology an extra feature for your alerting: allow us to turn off alerts for disabled accounts or better still squelch them for 12 hours.