SOLVED I just received this alert:

Richardszu

Dabbler
Joined
Jan 21, 2022
Messages
49
Hello,
I just received this alert:
2 SSH login failures: Aug 19 11:54:45 truenas 1 2022-08-19T11:54:45.694886+02:00 truenas.local sshd 4383 - - error: kex_exchange_identification: banner line contains invalid characters Aug 19 11:54:45 truenas 1 2022-08-19T11:54:45.694992+02:00 truenas.local sshd 4383 - - banner exchange: Connection from 192.168.1.27 port 41336: invalid format
2022-08-20 00:00:35 (Europe/Paris)
Could someone tell me what this means?
Has anyone tried to connect to my NAS in SSH mode?
Thanks for your help Richard :)
 
Joined
Jun 2, 2019
Messages
591
What device on your LAN has IP address 192.168.1.27?
 

Richardszu

Dabbler
Joined
Jan 21, 2022
Messages
49
192.168.1.27
What device on your LAN has IP address 192.168.1.27?
Thanks for your reply elvisimprsntr,
I just scanned my network with Advanced_IP_Scanner
I do have the ip address: 192.168.1.27 and a Mac address, which is inactive at the moment without the details. So I don't know what it is?
How can I search and know I am on Windows 10?
I did ipconfig /all
But she is not there!
Thanks for your help Richard
 
Joined
Jun 2, 2019
Messages
591
You can use an OUI lookup tool to help identify the assigned manufacturer of the MAC address. Depending on the device, it may be listed as the chipset manufacturer or device manufacturer. Some operating systems allow use of a randomized private MAC address for privacy reasons, so don't be alarmed if it comes back as unknown.


You might look at your router logs to see what time of day the device authenticates to your wifi or gets assigned an IP address by your DHCP server.

Some third party and ISP routers, or security applications have built in network scanning tools and other security features that can sometimes trigger events on devices on your network.

If you think it might be a rouge device on your network (compromised IoT device, or someone connecting to your wifi network)
1. Block the MAC address from on your DHCP server (router, firewall, etc.)
2. Change your wifi passwords
3. Hopefully you are not port forwarding your NAS (or another other device) to the internet. If you are, immediately discontinue.
 

neofusion

Contributor
Joined
Apr 2, 2022
Messages
159
Your router might have a list of local devices since it probably handles DHCP. If you're fortunate it will include a hostname for the device in question which might give you a lead to what it is.

It's a device that can run SSH, so some form of physical or virtualised computer size unknown, which includes most phones and some network appliances.
 

Richardszu

Dabbler
Joined
Jan 21, 2022
Messages
49
Thanks to elvisimprsntr and neofusion,
To have answered me so quickly, I found the rascal :)
It was me with my Galaxy-Tab-S6-Lite tablet trying to connect in FTP mode with a new app.
A big thank you guys :) I now know how to find the ugly duckling who would dare to connect to my NAS. Thanks to you !!!
I'm sorry, but I didn't even realize the impact playing with my tablet could have on my NAS. So I disabled the automatic mounting of the SSH service. But I hope I will remember it when I need it! I think you understood me :)
Thank you for helping me so quickly!
I wish you a good day see you soon Richard :mad::wink:
 
Top