NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

whitedp's avatar
whitedp
Tutor
Apr 10, 2022

This IP Should Be Blocked For ALL SERVICES. Is it?

Hello and thanks in advance for any help. I have an IoT device that I wish to restrict to only my LAN. To do this in my R6400, I have used the admin pages under Security to Block Services. I have specified that for the device (192.168.1.37) I want to block ALL (this is TCP/UP and ports 1-65535).

 

Then I started to capture packets to confirm this is working as expected. The attached image shows an excerpt from the Wireshark display where I have filtered on the device's IP. It "appears" to my un-educated mind, that there is a "conversation" taking place between 192.168.1.37 and 52.53.61.98. I am not sure but this appears to be trying to created a TLS channel between the 2 IPs.

 

Seeing ANY RESPONSE coming from 52.53.61.98 is surprising and potentially concerning to me as I would have thought that any communication with the remove computer on this IP would never be seen since all outbound communications should be blocked.

 

But again, I am un-educated and so really do not know what I am doing/seeing. So if you can clarify this or enlighten me, it is appreciated.

 

Thanks

1 Reply

  • DexterJB's avatar
    DexterJB
    NETGEAR Moderator
    Apr 14, 2022

    Hi whitedp, we'd like to know the following

     

    May we know what type of device this is?

    Is there a way to interface with it and confirm if it is accessing the Internet (other than the Wireshark log)?

    You can try setting the same thing up for a device you can easily confirm with (ie. smartphone) to see if the function works.

     

    Dexter

    NETGEAR Team