Simplest Question Ever

[Ebartone]

I have a NAS (Mybook Live) that is configured as a media server that I store media files on, and use ONLY in my local network - no WAN use at all. I have reason to believe, sadly, that there has been traffic to that drive through the WAN (using monitoring by IP). How can I block all traffic in and out of this device, on all ports to and from the WAN? Blacklist? Thanks!

 

[krum]

I have a WD mybook as well, I add it parental controls with not time allowed
easy and done

Chris

 

[Ebartone]

Thanks

I'll give it a try, thanks! Does that block traffic both ways on all ports? Thanks again.

 

[jlake]

I have a NAS (Mybook Live) that is configured as a media server that I store media files on, and use ONLY in my local network - no WAN use at all. I have reason to believe, sadly, that there has been traffic to that drive through the WAN (using monitoring by IP). How can I block all traffic in and out of this device, on all ports to and from the WAN? Blacklist? Thanks!

Which router do you have? Which firmware? The ac68 and ac56 have/had a severe security vulnerability that does/did allow access to SMB port 445 through the WAN. I tried warning as many people as I could. The general consensus on this forum was it was not a big deal to have your entire LAN exposed to the world through port 445. Lol. Mostly asus homers on this forum. some homers even got upset when I tried to warn people.

Merlin patched it in .39.

http://forums.smallnetbuilder.com/showthread.php?t=14660

 

[RMerlin]

Which router do you have? Which firmware? The ac68 and ac56 have/had a severe security vulnerability that does/did allow access to SMB port 445 through the WAN. I tried warning as many people as I could. The general consensus on this forum was it was not a big deal to have your entire LAN exposed to the world through port 445.

It wasn't exposing your entire network, only disks that were shared on the router itself.

 

[stafli]

I have a NAS (Mybook Live) that is configured as a media server that I store media files on, and use ONLY in my local network - no WAN use at all. I have reason to believe, sadly, that there has been traffic to that drive through the WAN (using monitoring by IP). How can I block all traffic in and out of this device, on all ports to and from the WAN? Blacklist? Thanks!

I used to have a Mybook Live myself, and as far as I can remember, it did have surprising connections outside the LAN. I figured ut that it checked WD for firmware updates (somwhere in Asia) on a regular basis.

 

[Ebartone]

Router Type

Which router do you have? Which firmware? The ac68 and ac56 have/had a severe security vulnerability that does/did allow access to SMB port 445 through the WAN. I tried warning as many people as I could. The general consensus on this forum was it was not a big deal to have your entire LAN exposed to the world through port 445. Lol. Mostly asus homers on this forum. some homers even got upset when I tried to warn people.

Merlin patched it in .39.

http://forums.smallnetbuilder.com/showthread.php?t=14660

My apologies, the router is Ac68, and I am now using _39 as well.

 

[Klyken]

Is there an equally simple command based alternative for Intranet/LAN only by IP?

 

[Pericynthion]

Also check under the mybooklive configuration for the 'remote access' option ( I believe this is enabled by default).
If this is enabled then the mybooklive will negotiate via unpnp to publish itself via the Western Digital mycloud service , which could explain the external traffic.

You can easily check under the system log/port forwarding section on the router - if you see 2 ports (8080 and 8443) negotiated for your mybooklive IP address then this is the remote access feature 'doing it's thang'.

If you disable the remote access ('settings / remote access' in in the mybooklive admin web page) then it will only give you LAN access (unless you go to the trouble of setting up manual port forwards).
But bear in mind you may also see some external traffic if you have automatic updated enabled for the mybooklive (under system/updates of the mybooklive admin web page).


Sent from my iPhone using Tapatalk

 

[diyguy]

silly question- how are you guys discerning that traffic is coming in from external WAN? What logs to look at ? I need to look at my own!

 

[seth_space]

additional tip.

If you use opendns there's a possibility to block domains or ip adresses on the dashboard site. After a few days of use there's a history of visited sites and domains with a ranking. Every domain or ip you suspect can be disabled. If there are unwanted side effects, you can easely enable the blocked domain again.

But first of all, try to look for the cause of the unwanted traffic.. malware infection maybe?
Of just a call home option on the WD? ( firmware, remote access options etc..)