Skip to content
English
Sign in
Contact us
  • There are no suggestions because the search field is empty.

Some Buffalo NAS devices have a default enabled setting that can lock out the user and source IP address when NovaBACKUP tries to authenticate to it (during a 'Local Backup' device add, etc.)

Some Buffalo NAS devices have a default enabled setting that can lock out the user and source IP address when NovaBACKUP tries to authenticate to it (during a 'Local Backup' device add, etc.), at least that have newer updated firmware installed on them (this new setting gets pushed by the firmware updates in most cases, starting on or around 09/24/2024 for certain Buffalo NAS models), have a setting that is default enabled, which is named "Abnormal Login Monitoring", and Buffalo describes that new feature as a "New feature that blocks users and source IP addresses after too many failed login attempts. This feature is enabled by default.". 

Note: The max number of invalid login attempts is not known yet for what the actual value is, but the timeout for the account lockout seems to be 10 minutes (not confirmed for either), to where it will unlock that account and source IP address to both be unlocked and usable again after that amount of time (the firmware release notes don't state what the actual values are though, as the firmware release notes just states "after too many failed login attempts" and "This feature is enabled by default.").

This feature being enabled can in some cases cause backup jobs to fail, as well as during a 'Local Backup' device add, etc.), where it will make it seem like that was due to an authentication issue (as it locks both the user on the NAS device and it locks out the source IP address as well, to make it seem like the requests are going "nowhere" in the communication path due to the latter item, like an echo chamber). We can see why a feature like this would be implemented on a NAS device, but they did not alert the customer that this feature would be default enabled, which could lead to problems after that, with legit applications such as the NovaBACKUP clien. to protect against a 'bad actor' in the network (ransomware, etc.), which can be exploited in that case, but in that case this default enabled feature can (and has been seen to) cause some problems with the NovaBACKUP client, for certain functions, and at certain specific times, when it comes to adding a 'Local Backup' device type to the backup client, where in that case it has to try to authenticate with whatever "Network Credentials" parameters that you tried to utilize when creating that device, and if the "Domain" value, the "Username" value, or the "Password" value is not specified in the correct format, or is not the correct value exactly, due to that the client has to attempt to authenticate to that NAS device with those specified credentials, for whatever or however you had specified them as, possibly INCORRECTLY in that case for one of the parameters / fields, and in that case that is what can cause the new feature to be utilized, where it will lock out that particular "NAS user" depending on certain criteria for max number of login attempts, that Buffalo themselves do not publish what those limits are in that case (as seen in the firmware description of that feature, that doesn't state what the max attempts and timeout values are there, it just says "after too many failed login attempts" and "This feature is enabled by default.". You can read more about that new (newish, as it was first seen in the Buffalo TeraStation 3430 model Release Notes on 09/24/2024, and in that case it may take awhile to filter down as a new "feature" in other firmwares for other models of Buffalo NAS devices in that case to be coded and received later by a customer that wants to do a firmware update in 2025) default enabled "feature" below.

This feature has been in Buffalo firmware, at least for this Buffalo TeraStation TS3030 model, since 09/24/2024, as seen in the firmware release notes here on their website, so it is not exactly new it seems (maybe new to ACS that updated to that firmware that was way out of date, recently, or something like that though); but it doesn't state what the max attempts and timeout values are here, it just says "after too many failed login attempts" and "This feature is enabled by default.":

https://dd00b71c8b1dfd11ad96-382cb7eb4238b9ee1c11c6780d1d2d1e.ssl.cf1.rackcdn.com/ts5020_3030_306en…

Version 2.10 [2024-09-24]
Added and Modified Features
[System]
• Now supports TS3030 series TeraStations.

[Users]
• Now a user can be created under the name “audio”.

[Groups]
• Now a group can be created under the name “audio”.

[Firewall (Packet Filtering)]
• New feature that allows/denies communication based on source port numbers or IP addresses. Also, service port restriction settings have been renamed to firewall settings. If you have configured service port restrictions, they will be automatically converted to firewall settings after the firmware update.

[Logs]
• Modified so that the IP address from which you are accessing Settings is now recorded in both the system and file access logs.

[Security/Encryption]
• Modified so that both the server certificate and secret key are now verified once imported.

[Abnormal Login Monitoring]
• New feature that blocks users and source IP addresses after too many failed login attempts. This feature is enabled by default.

[Abnormal File Activity Monitoring]
• New feature that monitors files on the TeraStation for abnormal file activity that may indicates ransomware and sends you a notification if detected. Due to lack of snapshot support, TS3030 series TeraStations only support the file extension portion of the feature.