Synology: About My IP Block List

Synology About My IP Block List

So many people have been asking me about my IP block list and how I make it. Today I’m going to tell you all about it. Up until this point I’ve been successful at blocking most, if not all of the attacks directed at my Synology NAS. But how did I create my list? Those of you who have been following my work/website for some time now may know I have two Synology NAS devices. A DS720+ on which I host this website, and a DS718+ which I use for various experiments and, at this very moment, for testing the upcoming DSM 7.0 version.

IP BLOCK LIST

CHANGELOG

My DS718+ NAS is currently isolated: it has its own Internet connection and functions separately from my other devices. Its ports are open to the Internet to receive any and all kinds of attacks. And it has a 200 characters long password (if anyone was wondering), making it essentially foolproof to any outside attempts to access it. My DS718+ is bait for anyone looking to do sketchy things, and those arrogant enough to think they can actually get in are blocked and sent to a black hole of oblivion they can never escape. I then use this info to generate a list of malicious IPs you too can use to boost security on your NAS. My deny IP list is essentially an extra layer of protection that blocks attacks to your NAS before they even reach your device. My deny IP list is also updated regularly to provide the best security for you.

Below is my DS718+ Synology NAS dedicated to my deny IP list work – a genuine blackhole for malicious users.

Dedicated Synology NAS deny ip list

Here is a picture of my router: a TL-R600VPN SafeStream Gigabit Multi-WAN Desktop VPN Router. It has no Desktop LAN access and no Wireless connection, and functions on a separate Internet connection, all for my deny IP block list.

TL-R600VPN SafeStream Gigabit Multi-WAN Desktop VPN Router

Deny IP list Legend:

Tracker

Software that converts an IP address into a hostname and provides location and other information.

Botnet

Collection of Internet-connected devices, which may include personal computers, servers, mobile devices and Internet of things (IoT) devices that are infected and controlled by a common type of malware.

Proxy

A proxy server is basically another computer which serves as a hub through which Internet requests are processed. By connecting to the Internet through proxies, the home IP address of your machine will not be shown. Instead the IP of the proxy server will be shown. Proxies are often used to access your NAS and router.

SSH

Also known as Secure Shell or Secure Socket Shell, SSH is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. Many bad people will attempt to log into your NAS by trying to SSH your IP.

Spam

IP addresses or domains that are known sources of spam.

FTP attacker

A bad person that tries to connect to your open FTP ports.

Brute-force

A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.

Note: I personally inspect all the IPs in my IP deny list once a month and test them using several sources to check their status.
Note: The mariushosting deny IP list is successfully used by over 1500 users.

This post was updated on Monday / September 28th, 2020 at 1:14 AM