Apparently there are numerous attempts to log into my NAS (with invalid passwords) from the WAN side. Synology offers a feature to block IP addresses after a couple of invalid attempts and also log that blocking, and I am making use of that feature. After quite some months I got worried by the overwhelming number of such attempts. Today I disabled password authentication all together. I (and “everybody”) can still log in through the web GUI DSM interface.