[RainmakerRaw]

VM are minding their own business. They're an ISP and you're running equipment in a vulnerable state on their network. NETBIOS is easy to exploit over the internet, and an attacker can easily get into your local network, access your machines and/or hook you up to a bot net if you're exposed in this way.

NETBIOS/SMB operates over ports 137,138,139,445. It could be that you just have these ports exposed and it's triggered an automatic warning, but I doubt it as I've seen similarly unguarded networks a hundred times over and nobody has received anything about netbios vulnerabilities from VM.

Why do you need your SH firewall set to low or off in order to access the shares? Can't you simply put the NAS on a static LAN IP, then set up a port forward to the NAS UI and leave the firewall in situ? You would then be able to harden the NAS itself (e.g. restricting access to particular IPs and/or MACs, setting a very strong password etc).

Alternatively, much better yet, throw the SH into modem mode and set up a proper firewall appliance (e.g. pfSense). I can't envisage any reason you need to expose your local NETBIOS/SMB over the wider internet.