vrspectre
Jun 18, 2019, Apprentice
Root connections
I was poking around and found the connections log. I found the attached screenshot. The first 3 are my local LAN IP. The bottom 4 root are not my IP. They are external IPs. What are these?
Retired_Member
Jun 19, 2019
Hi vrspectre, you might want to use WHOIS to find out. See example below for the IPv4 local loopback IP address and kind regards.
- StephenB, Jun 19, 2019, Guru - Experienced User
FWIW, 5.x.x.x are used by the ReadyCloud VPN (whois will give a different answer),
- vrspectre, Jun 19, 2019, Apprentice
I looked at the whois; 3 of the 4 are coming from Amazon. Presumably something in AWS, and the 4th is from Hurricane Electric. I would assume it's from one of those backup apps that comes installed with the ReadyNAS, but NONE of them are enabled. So why is their crap connecting to my box?
- StephenB, Jun 20, 2019, Guru - Experienced User
vrspectre wrote:
I looked at the whois; 3 of the 4 are coming from Amazon.
Which of course doesn't tell you anything (and neither does the Hurricane Electric one, since it's also a data center).
What apps and services are enabled?
NTP will of course make connections from time to time. The system will also periodically connect to the firmware update server.
- Retired_Member, Jun 22, 2019
StephenB wrote: "Which of course doesn't tell you anything".
Well, that seems to be somewhat wrong, because vrspectre's question was: "...are external IPs. What are these?" and after using whois he seems to know more than before. He points out: "3 of the 4 are coming from Amazon. Presumably something in AWS, and the 4th is from Hurricane Electric". To me, that seems like his first question is answered.
vrspectre's new and 2nd question: "So why is their crap connecting to my box?" I do not have an answer. But I have a suggestion how to continue:
1) With the information delivered by whois you could contact the owner of the IP address or domain behind it to ask what is going on.
2) If you cannot or do not want to do 1) you could block the concerned IP address or domain using a firewall in your router and investigate what is no longer working in your network. ...And do not block all suspicious IP addresses at the same time. Do one IP after the other to foster your decision to block or not to block. If all you need is working keep the blocked blocked, if not adjust as necessary.
Happy investigating and kind regards
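
The triage this thread walks through (separate LAN peers from external ones, set aside 5.x.x.x as StephenB describes, run whois only on the rest), as an added example that is not from any poster or from NETGEAR. It assumes the connections log is in `netstat -tn` layout and that the LAN uses RFC 1918 addressing; the sample lines and addresses are constructed.

```python
import ipaddress

# Assumption: RFC 1918 ranges stand in for "my local LAN".
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# From StephenB's reply: 5.x.x.x is used by the ReadyCloud VPN,
# so whois on these addresses gives a different answer.
READYCLOUD_NET = ipaddress.ip_network("5.0.0.0/8")

# Constructed sample; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address       Foreign Address      State
tcp   0      0      192.168.1.20:22     192.168.1.50:51234   ESTABLISHED
tcp   0      0      127.0.0.1:5432      127.0.0.1:40112      ESTABLISHED
tcp   0      0      192.168.1.20:40022  203.0.113.10:443     ESTABLISHED
tcp   0      0      192.168.1.20:40030  203.0.113.10:443     TIME_WAIT
tcp   0      0      5.10.20.30:38000    5.40.50.60:443       ESTABLISHED
tcp   0      0      192.168.1.20:40100  198.51.100.7:80      ESTABLISHED
"""

def classify(ip):
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr in READYCLOUD_NET:
        return "readycloud-vpn"
    if any(addr in net for net in LAN_NETS):
        return "lan"
    return "external"

def triage(text):
    """Map each remote IP to its class, remote ports and connection count."""
    peers = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header or unrelated line
        ip, port = fields[4].rsplit(":", 1)  # rsplit keeps IPv6 colons intact
        if not port.isdigit():
            continue  # listening sockets show "*" as the remote port
        peer = peers.setdefault(ip, {"class": classify(ip), "ports": set(), "count": 0})
        peer["ports"].add(int(port))
        peer["count"] += 1
    return peers

def whois_candidates(peers):
    """Only external peers are worth a whois lookup."""
    return sorted(ip for ip, p in peers.items() if p["class"] == "external")
```

Calling `whois_candidates(triage(SAMPLE))` returns the addresses to look up first; the remote port recorded for each peer (443, 80, and so on) hints at the service before any blocking is tried.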