NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

steveoelliott's avatar
Nov 01, 2016
Solved

Readynas 526X - Network Access Whilst Resync

Hi all,

 

Today i've been setting up my new ReadyNAS 526X. I've destroyed the original volume and now created a RAID-6 one which is in the process of resyncing.

 

Whilst this is ongoing, I've been setting up my shares / users etc. However, I have lost connectivity via ping and SSH on a couple of occasions and this seems to follow accessing the shares via SMB. Is this just due to the resyncing operation in the background?

 

Thanks...

  • steveoelliott's avatar
    steveoelliott
    Nov 01, 2016

    All I have solved this myself... It seems Symantec Endpoint Detection blocks the device due to a suspect port scan. See this in logs:

     

    Somebody is scanning your computer.
    Your computer's UDP ports:
    61393, 61783, 50935, 57172 and 64028 have been scanned from 192.168.10.21.

     

    Somebody is scanning your computer.
    Your computer's UDP ports:
    54855, 58387, 56777, 60113 and 54196 have been scanned from 192.168.10.21.

     

    The client will block traffic from IP address 192.168.10.21 for the next 600 seconds (from 01/11/2016 17:03:22 to 01/11/2016 17:13:22).

     

    According to: https://support.symantec.com/en_US/article.tech165237.html

     

    The SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 seconds.

    It is not unknown for legitimate software to act in a way which triggers this event. (It all comes down to the way in which the software is designed to function and communicate.) Administrators should monitor their networks and grow to recognize what is expected and unexpected within their domain. 

3 Replies

Replies have been turned off for this discussion
  • To provide an update on this, there appears to be an issue /  bug with this unit.

     

    Even after the resync and FW upgrade to 6.6.0 I see the interface lock up and no longer able to ping or access the device... The trigger seems to be accessing shares via SMB. 

     

    I guess I will need to open a support case and provide logs.

      • steveoelliott's avatar
        steveoelliott
        Luminary

        All I have solved this myself... It seems Symantec Endpoint Detection blocks the device due to a suspect port scan. See this in logs:

         

        Somebody is scanning your computer.
        Your computer's UDP ports:
        61393, 61783, 50935, 57172 and 64028 have been scanned from 192.168.10.21.

         

        Somebody is scanning your computer.
        Your computer's UDP ports:
        54855, 58387, 56777, 60113 and 54196 have been scanned from 192.168.10.21.

         

        The client will block traffic from IP address 192.168.10.21 for the next 600 seconds (from 01/11/2016 17:03:22 to 01/11/2016 17:13:22).

         

        According to: https://support.symantec.com/en_US/article.tech165237.html

         

        The SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 seconds.

        It is not unknown for legitimate software to act in a way which triggers this event. (It all comes down to the way in which the software is designed to function and communicate.) Administrators should monitor their networks and grow to recognize what is expected and unexpected within their domain. 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More