steveoelliott
Nov 01, 2016 Luminary
Symantec Endpoint Protection ReadyNAS Port Scan
Hi all, Earlier I had an issue with lost network access: https://community.netgear.com/t5/Using-your-ReadyNAS/Readynas-526X-Network-Access-Whilst-Resync/m-p/1164297#M118852 I now know this to...
steveoelliott
Nov 01, 2016 Luminary
Thanks... It took me by surprise.
My version is SEP 12.1RU6 (12.1.6608.6300)
I am surprised at that activity from the NAS.... It is pretty standard, no applications or anything fancy going on. Just plain old SMB and that's it.
StephenB
Nov 02, 2016 Guru - Experienced User
I installed Plex, so some traffic may be coming from there. SEP version 12.1.7061.6600
I am not seeing SEP block the NAS, though I am seeing some blocked traffic. Here's a log snippet - the NAS is 10.0.0.47, the laptop is 10.0.0.26 (wifi) and 10.0.0.46 (ethernet)
| Time | Allow/Block | Severity | Direction | Protocol | Remote Host | Remote Port | Local Host | Local Port | Occurrences | Rule |
|---|---|---|---|---|---|---|---|---|---|---|
| 49:43.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 42546 | 10.0.0.255 | 32412 | 8 | Block broadcast and multicast traffic and don't log |
| 49:43.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 37028 | 10.0.0.255 | 32414 | 8 | Block broadcast and multicast traffic and don't log |
| 49:49.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 42546 | 10.0.0.255 | 32412 | 2 | Block broadcast and multicast traffic and don't log |
| 49:49.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 37028 | 10.0.0.255 | 32414 | 2 | Block broadcast and multicast traffic and don't log |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 42546 | 10.0.0.255 | 32412 | 3 | Block all other IP traffic and log |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 37028 | 10.0.0.255 | 32414 | 3 | Block all other IP traffic and log |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 45419 | 10.0.0.26 | 58457 | 4 | Block all other IP traffic and log |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 57273 | 10.0.0.26 | 56600 | 2 | Block all other IP traffic and log |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 58434 | 10.0.0.46 | 58456 | 2 | Block all other IP traffic and log |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 60342 | 10.0.0.46 | 54142 | 2 | Block broadcast and multicast traffic and don't log |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 39474 | 10.0.0.46 | 56599 | 2 | Block broadcast and multicast traffic and don't log |
I usually do see some issues when I bring the PC out of sleep. Our corporate policies require the corporate VPN connection to be up and running before they allow my laptop to access a network share. The log snippet is about the time I docked the laptop and started it up again. Note I'm not in IT, so I have limited visibility into the app details, and no control over policy settings.
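An added example, not part of any post in this thread: a short Python script that parses the rows of the log snippet above and separates subnet-broadcast traffic from unicast traffic per source host. It assumes a /24 LAN (so 10.0.0.255 is the broadcast address) and uses the UDP ports Plex documents for GDM network discovery; the Rule column is dropped from the embedded rows.

```python
import ipaddress
from collections import defaultdict

# UDP ports Plex lists for GDM network discovery.
PLEX_GDM_PORTS = {32410, 32412, 32413, 32414}
NETWORK = ipaddress.ip_network("10.0.0.0/24")  # assumption: /24 home LAN

# Rows copied from the log snippet in the post above (Rule column omitted).
LOG = """\
| 49:43.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 42546 | 10.0.0.255 | 32412 | 8 |
| 49:43.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 37028 | 10.0.0.255 | 32414 | 8 |
| 49:49.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 42546 | 10.0.0.255 | 32412 | 2 |
| 49:49.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 37028 | 10.0.0.255 | 32414 | 2 |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 42546 | 10.0.0.255 | 32412 | 3 |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 37028 | 10.0.0.255 | 32414 | 3 |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 45419 | 10.0.0.26 | 58457 | 4 |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 57273 | 10.0.0.26 | 56600 | 2 |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 58434 | 10.0.0.46 | 58456 | 2 |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 60342 | 10.0.0.46 | 54142 | 2 |
| 49:54.0 | Blocked | 15 | Incoming | UDP | 10.0.0.47 | 39474 | 10.0.0.46 | 56599 | 2 |
"""

def parse(log):
    """Yield (remote_host, remote_port, local_host, local_port, count) per row."""
    for line in log.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 10:
            yield cells[5], int(cells[6]), cells[7], int(cells[8]), int(cells[9])

def summarize(log):
    """Per source host: packets to the broadcast address vs. unicast targets."""
    out = defaultdict(lambda: {"plex_gdm": 0, "other_broadcast": 0,
                               "unicast_targets": set()})
    for src, _sport, dst, dport, count in parse(log):
        entry = out[src]
        if ipaddress.ip_address(dst) == NETWORK.broadcast_address:
            key = "plex_gdm" if dport in PLEX_GDM_PORTS else "other_broadcast"
            entry[key] += count
        else:
            entry["unicast_targets"].add((dst, dport))
    return dict(out)

if __name__ == "__main__":
    for host, stats in summarize(LOG).items():
        print(host, stats)
```

On these rows every broadcast packet from 10.0.0.47 goes to a Plex discovery port, while the five unicast rows target distinct high UDP ports on the laptop's two addresses and cannot be attributed from the log alone.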
- steveoelliott Nov 02, 2016 Luminary
Very interesting... I certainly would welcome some feedback from engineering on this.
The action which SEP takes will depend on the security policies and rules in place. Mine are the plain defaults.
- StephenB Nov 02, 2016 Guru - Experienced User
steveoelliott wrote:
The action which SEP takes will depend on the security policies and rules in place. Mine are the plain defaults.
Our policies completely blocked access to my home office network printer. Eventually I found a network discovery option in the printer settings that I could disable to prevent that.
- steveoelliott Nov 02, 2016 Luminary
I'm keen to understand what this traffic is and why it is being sent. Perhaps I need to take a Wireshark.