Diskstation DS211 waking up a lot.

All questions regarding system hibneration may be placed here. Thanks!
Forum rules
This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu

Diskstation DS211 waking up a lot.

Postby mooker » Sun Apr 08, 2012 6:51 pm

My DS211 is waking up every 10 to 30 minutes even when I am not accessing it. Here is the log of what is happening and a lot of these IP addresses are from outside the US. What would cause all this to occur? I use DynDNS, could this be causing the problem? Also, what is port 445 used for? Could I fix the problem by blocking that port? Any help would be appreciated as I am not tech savvy with this type of stuff.

Log:
[LAN access from remote] from 50.27.194.90:1061 to 192.168.1.5:445, Sunday, April 08,2012 08:51:26
[LAN access from remote] from 182.9.177.230:3001 to 192.168.1.5:445, Sunday, April 08,2012 08:51:15
[LAN access from remote] from 109.96.248.107:1180 to 192.168.1.5:445, Sunday, April 08,2012 08:46:15
[LAN access from remote] from 89.178.35.35:1115 to 192.168.1.5:445, Sunday, April 08,2012 08:36:16
[LAN access from remote] from 222.76.250.4:1668 to 192.168.1.5:445, Sunday, April 08,2012 08:32:10
[LAN access from remote] from 24.104.156.14:31550 to 192.168.1.5:445, Sunday, April 08,2012 07:59:57
[LAN access from remote] from 76.0.203.182:2933 to 192.168.1.5:445, Sunday, April 08,2012 07:41:48
[LAN access from remote] from 65.163.244.214:2821 to 192.168.1.5:445, Sunday, April 08,2012 07:34:16
[LAN access from remote] from 188.18.87.207:1891 to 192.168.1.5:445, Sunday, April 08,2012 07:32:56
[LAN access from remote] from 60.190.152.22:24737 to 192.168.1.5:445, Sunday, April 08,2012 07:22:42
[LAN access from remote] from 85.122.5.224:48219 to 192.168.1.5:445, Sunday, April 08,2012 07:20:30
[LAN access from remote] from 221.207.61.74:49402 to 192.168.1.5:80, Sunday, April 08,2012 06:58:32
[LAN access from remote] from 200.162.43.6:3661 to 192.168.1.5:445, Sunday, April 08,2012 06:32:15
[LAN access from remote] from 78.63.240.83:1575 to 192.168.1.5:445, Sunday, April 08,2012 05:50:50
[LAN access from remote] from 8.3.161.214:56065 to 192.168.1.9:27161, Sunday, April 08,2012 05:48:02
[LAN access from remote] from 31.14.220.195:3417 to 192.168.1.5:445, Sunday, April 08,2012 05:37:36
[LAN access from remote] from 84.2.195.143:3376 to 192.168.1.5:445, Sunday, April 08,2012 05:27:58
[LAN access from remote] from 114.40.184.28:3871 to 192.168.1.5:445, Sunday, April 08,2012 05:26:56
[LAN access from remote] from 176.241.229.45:2118 to 192.168.1.5:445, Sunday, April 08,2012 05:26:27
[LAN access from remote] from 109.169.73.167:2744 to 192.168.1.5:445, Sunday, April 08,2012 05:00:59
[LAN access from remote] from 221.207.61.74:49402 to 192.168.1.5:80, Sunday, April 08,2012 04:53:23
[LAN access from remote] from 80.253.62.24:3985 to 192.168.1.5:445, Sunday, April 08,2012 04:47:44
[LAN access from remote] from 70.17.254.34:2843 to 192.168.1.5:445, Sunday, April 08,2012 04:46:35
[LAN access from remote] from 211.76.78.175:4616 to 192.168.1.5:445, Sunday, April 08,2012 04:30:35
[LAN access from remote] from 212.160.237.231:4150 to 192.168.1.5:445, Sunday, April 08,2012 04:14:48
[LAN access from remote] from 118.232.62.44:2157 to 192.168.1.5:445, Sunday, April 08,2012 04:11:51
[LAN access from remote] from 202.162.221.229:2194 to 192.168.1.5:445, Sunday, April 08,2012 04:10:04
[LAN access from remote] from 206.223.246.146:2676 to 192.168.1.5:445, Sunday, April 08,2012 04:08:59
[LAN access from remote] from 111.249.16.85:3465 to 192.168.1.5:445, Sunday, April 08,2012 04:08:36
[LAN access from remote] from 186.240.36.199:4048 to 192.168.1.5:445, Sunday, April 08,2012 03:56:42
[LAN access from remote] from 78.84.182.135:2926 to 192.168.1.5:445, Sunday, April 08,2012 03:33:00
[LAN access from remote] from 221.207.61.74:49402 to 192.168.1.5:80, Sunday, April 08,2012 03:28:04
[LAN access from remote] from 94.52.83.132:3787 to 192.168.1.5:445, Sunday, April 08,2012 03:19:28
[LAN access from remote] from 213.250.216.116:2970 to 192.168.1.5:445, Sunday, April 08,2012 03:13:34
[LAN access from remote] from 84.3.86.2:2765 to 192.168.1.5:445, Sunday, April 08,2012 03:09:08
[LAN access from remote] from 71.42.206.66:51334 to 192.168.1.5:445, Sunday, April 08,2012 03:04:21
[LAN access from remote] from 111.250.48.85:2637 to 192.168.1.5:445, Sunday, April 08,2012 02:51:39
[LAN access from remote] from 66.115.85.147:2247 to 192.168.1.5:445, Sunday, April 08,2012 02:33:23
[LAN access from remote] from 77.35.210.117:3249 to 192.168.1.5:445, Sunday, April 08,2012 02:33:03
[LAN access from remote] from 211.74.78.12:4460 to 192.168.1.5:445, Sunday, April 08,2012 02:26:34
[LAN access from remote] from 188.143.70.40:4206 to 192.168.1.5:445, Sunday, April 08,2012 02:26:12
[LAN access from remote] from 86.63.100.200:3118 to 192.168.1.5:445, Sunday, April 08,2012 02:08:10
[LAN access from remote] from 168.96.200.3:3762 to 192.168.1.5:445, Sunday, April 08,2012 02:05:48
[LAN access from remote] from 78.48.12.15:2842 to 192.168.1.5:445, Sunday, April 08,2012 01:58:12
[LAN access from remote] from 88.179.114.164:3500 to 192.168.1.5:445, Sunday, April 08,2012 01:55:20
[LAN access from remote] from 188.173.102.51:3248 to 192.168.1.5:445, Sunday, April 08,2012 01:52:15
[LAN access from remote] from 46.49.111.228:4681 to 192.168.1.5:445, Sunday, April 08,2012 01:50:57
[LAN access from remote] from 184.106.77.103:1404 to 192.168.1.5:445, Sunday, April 08,2012 01:47:27
[LAN access from remote] from 27.69.100.72:1661 to 192.168.1.5:445, Sunday, April 08,2012 01:46:49
[LAN access from remote] from 159.224.28.227:3053 to 192.168.1.5:445, Sunday, April 08,2012 01:39:38
[LAN access from remote] from 31.171.52.45:1582 to 192.168.1.5:445, Sunday, April 08,2012 01:38:30
[LAN access from remote] from 219.136.206.12:27443 to 192.168.1.5:445, Sunday, April 08,2012 01:08:00
[LAN access from remote] from 77.113.38.66:1835 to 192.168.1.5:445, Sunday, April 08,2012 01:07:36
[LAN access from remote] from 89.46.183.49:3955 to 192.168.1.5:445, Sunday, April 08,2012 00:55:14
[LAN access from remote] from 221.207.61.74:49402 to 192.168.1.5:80, Sunday, April 08,2012 00:52:14
mooker
I'm New!
I'm New!
 
Posts: 2
Joined: Sun Apr 08, 2012 6:35 pm

Re: Diskstation DS211 waking up a lot.

Postby maxxfi » Mon Apr 09, 2012 8:30 am

mooker wrote: Also, what is port 445 used for?


Uh, oh... it's better you close all access from remote for the time being!
Port 445 (tcp) is access to Windows File Sharing
http://www.linklogger.com/TCP445Scan3.htm

After that, start your forensic work:
- check any logs that are enabled on the Synology
- run antivirus/antimalware on the archive
- inspect any directory for unusual content

Then, let's have a look at what ports you should open to outside world, and which ones should be instead bolted shut :)
DS-411 (DSM 4.3-3810) w/ 2x WD10EFRX + 1x HD154UI
DS-106j (DSM 3.0-1357), PATA-to-SATA adapter, 2.5" HM250HI
User avatar
maxxfi
Programmer
Programmer
 
Posts: 5606
Joined: Sun Dec 27, 2009 12:13 pm
Location: Espoo, Finland

Re: Diskstation DS211 waking up a lot.

Postby mooker » Mon Apr 09, 2012 4:20 pm

I set up the firewall to reject all ports except those necessary for me to manage the device. I looked at the files and nothing is out of the ordinary. I am running a full virus scan now. I have not read through the logs yet, but I will and will let you know what I find. Is there a better place to get a dynamic DNS than DynDNS? I'm sure these people just put in random addresses for urls from DynDNS and just start attacking. Is there a better way to route to my DS211 without putting it at risk? Thank you for your help! I immediately blocked port 445 and access dropped significantly. Still having hits on port 443 and others, but not nearly as often. Can they get to my DS without a username and password if I have the guest account turned off? My firewall on the DS is now on with just a few ports open to access the web interface.
mooker
I'm New!
I'm New!
 
Posts: 2
Joined: Sun Apr 08, 2012 6:35 pm

Re: Diskstation DS211 waking up a lot.

Postby myCloud » Sun Apr 15, 2012 4:13 pm

This why when I go to run a web server or a mail server, I'll get a 1-bay DS, put it in the DMZ between the UVERSE router and the AirPort Extreme router, and forward the appropriate ports to the 1-bay on the UVERSE router.

Getting to your situation. The default port for DSM is 5000, that for uPnP, certain to be included in scans. As a minimum, I'd add HTTPS on 5001 and auto-redirect to that, as well as change the port forwarding on the router from 5000->5000 and 5001->5001 to something like 22050->5000 and 22051 -> 5001 (rarely scanned high numbered ports) and use those when you're outside your network.
DS 1512+ w/3GB, 5 x 3TB Seagate ST3000DM001 8.2TB RAID 6, half files/half Time Machine.
Icy Dock MB559U3S-1SB enclosure w/4TB Hitachi UltraStar via USB 3 for files backup
UVERSE to AirPort Extreme + 2 AirPort Express w/speakers. TRENDnet TV-IP312WN camera
CyberPower CP1500PFCLCD Sine Wave UPS
DSM 4.1-2661 w/SSH + SFTP, VPN Server, Syslog Server, Media Server, Mail Server, Mail Station,
Audio Station, Surveillance Station, Photo Station, Web Station - DS Apps on iPad & iPod Touch.
User avatar
myCloud
Skilled
Skilled
 
Posts: 648
Joined: Fri Mar 23, 2012 11:28 am


Return to Hibernation Room

Who is online

Users browsing this forum: No registered users and 1 guest