Deco M5 security concerns

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Deco M5 security concerns

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Deco M5 security concerns
Deco M5 security concerns
2019-12-14 18:35:30
Model: Deco M5  
Hardware Version:
Firmware Version:

Hi there. I have 5 deco m5's in my house and they work really well. I have them setup to backhaul through Ethernet, and they provide a good mesh network.

 

I have two major security concerns though:

 

1. I keep getting reports of UDP port scans against my MyCloud mirror device. I have switched off all native internet access on the MyCloud and use it as network storage. However I get several attacks a day mostly at 3am which include various external IP addresses. How do they get through the firewall? I have isolated the device but the attacks still occur.

 

2. Today I received a notification that a new device called 'Estonia's-Finest" had joined my guest network. This is not a device belonging to me or anyone I know and the name is obviously devised to cause alarm/signal a hack. I've changed my account password but don't feel safe.

I assume that if someone had achieved root on my deco they would be able to create any notifications they liked? The device is sat there disconnected.

 

Any help would be appreciated! 
 

Thanks

 

 

Matt

  0      
  0      
#1
Options
4 Reply
Re:Deco M5 security concerns
2019-12-16 08:29:29

@Matt-G 

 

Thanks for your requesting.

 

What is the whole report message about the UDP port? And how do you connect this device to the Deco? 

 

Can you see this device under the online devices list of the Deco app? You can get its MAC address to distinguish what it is. 

 

Besides, generally speaking, with password enabled, devices won't be able to connect to the wifi without knowing wifi password. And the notification can not be made manually. 

 

You can setup a new complicated password for the Deco, and try to reset the password of your cloud account. 

 

Good day. 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#2
Options
Re:Deco M5 security concerns
2019-12-16 08:47:17

@Kevin_Z 

 

hi there, thanks for your reply!

 

The MyCloud mirror is connected by cat5e cable to a switch. The switch is connected to the main Deco.

 

In can see the device in my deco app, although having just looked it is showing as disconnected. I have isolated it from the internet and bannded it from visiting any urls it tried to visit automatically.

 

A typical report reads:

 

MyCloudMirror

Blocked 34.208.84.145

Classification UDP

PortScan

 

The IP address will change, but they are all external IP addresses. 
I don't understand how an external computer can attack my device through the router and deco? It shouldn't be visible to the internet.

 

regarding the rogue device connecting to my guest Wi-Fi, you assume that this is someone local guessing my Wi-Fi password and then using the device name to deliberately spook me?

 

I have Ring camera devices on the guest network which are also connected to Alexa, and I've seen some reports of security issues with this recently. 
 

thnaks again

 

matt

 

 

  0  
  0  
#3
Options
Re:Deco M5 security concerns
2020-03-27 20:43:20

@Matt-G Have you found out how this happened? Is it the Deco or was it something else?

  0  
  0  
#4
Options
Re:Deco M5 security concerns
2020-06-24 19:31:01

@Matt-G Any update?

  0  
  0  
#5
Options