NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
GC510P accessing malware site?
Hi everyone,
I have a GC510P switch accessing the Internet thru a Firewalla Firewall which detected that it was accessing the site 94.16.114.254 on port UDP 123 (ntp). This IP address is flagged by 7 vendors in VirusTotal as Malware.
I have this setup for more than a year now and this is the first time a get a malware flag on any Netgear Products.
Has anyone experience the same issue? is there a explanation for this switch accessing this IP address?
Thanks for your help.
Best regards,
1 Reply
Welcome to the community! 🙂
Are there any computers directly connected to the GC510P? If yes, it is possible that one or several computers are accessing the malware site.
To further isolate the problem, I suggest you to set up port mirroring on the GC510P. Select one or more ports as source ports on the GC510P. Then, select one port as destination port on the GC510P where a computer (installed with Wireshark) is directly connected. Run Wireshark and observe. It would be best that Wireshark would be able to capture what occurs through the source ports (accessing the malware site). The moment that it captures it, stop Wireshark and save the packet capture.
Kindly read page 387 of the GC510P user manual here on how to set up port mirroring. You may download Wireshark on this link. As reference, check this link I found online on how to use Wireshark.
For the captured packets to be analyzed, kindly open a support ticket with NETGEAR Support here and attach the captured packets from Wireshark for it to be analyzed by the NETGEAR Support team.
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
