NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Readynas 526X - Network Access Whilst Resync
Hi all,
Today i've been setting up my new ReadyNAS 526X. I've destroyed the original volume and now created a RAID-6 one which is in the process of resyncing.
Whilst this is ongoing, I've been setting up my shares / users etc. However, I have lost connectivity via ping and SSH on a couple of occasions and this seems to follow accessing the shares via SMB. Is this just due to the resyncing operation in the background?
Thanks...
All I have solved this myself... It seems Symantec Endpoint Detection blocks the device due to a suspect port scan. See this in logs:
Somebody is scanning your computer.
Your computer's UDP ports:
61393, 61783, 50935, 57172 and 64028 have been scanned from 192.168.10.21.Somebody is scanning your computer.
Your computer's UDP ports:
54855, 58387, 56777, 60113 and 54196 have been scanned from 192.168.10.21.The client will block traffic from IP address 192.168.10.21 for the next 600 seconds (from 01/11/2016 17:03:22 to 01/11/2016 17:13:22).
According to: https://support.symantec.com/en_US/article.tech165237.html
The SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 seconds.
It is not unknown for legitimate software to act in a way which triggers this event. (It all comes down to the way in which the software is designed to function and communicate.) Administrators should monitor their networks and grow to recognize what is expected and unexpected within their domain.
3 Replies
Replies have been turned off for this discussion
To provide an update on this, there appears to be an issue / bug with this unit.
Even after the resync and FW upgrade to 6.6.0 I see the interface lock up and no longer able to ping or access the device... The trigger seems to be accessing shares via SMB.
I guess I will need to open a support case and provide logs.
Support case 27614721 raised.
All I have solved this myself... It seems Symantec Endpoint Detection blocks the device due to a suspect port scan. See this in logs:
Somebody is scanning your computer.
Your computer's UDP ports:
61393, 61783, 50935, 57172 and 64028 have been scanned from 192.168.10.21.Somebody is scanning your computer.
Your computer's UDP ports:
54855, 58387, 56777, 60113 and 54196 have been scanned from 192.168.10.21.The client will block traffic from IP address 192.168.10.21 for the next 600 seconds (from 01/11/2016 17:03:22 to 01/11/2016 17:13:22).
According to: https://support.symantec.com/en_US/article.tech165237.html
The SEP firewall detects the behavior as port scan attack if the same IP address accesses more than 4 ports within 200 seconds.
It is not unknown for legitimate software to act in a way which triggers this event. (It all comes down to the way in which the software is designed to function and communicate.) Administrators should monitor their networks and grow to recognize what is expected and unexpected within their domain.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
