Armor "Threat - Attack - Device: " shows my self hosted webserver as device - what does this mean ?
renewed my Armor subscription on MR60 nighthawk with latest firmware, MR60 internet port 80 is forwarded to MYWEBSRV which is a pc on my home network running a web server, it serves basic html pages.
This one sort of makes sense:
Threat - Suspicious Connection - Device: MYWEBSRV
"... a suspicious remote location IP nn.nn.nn.nn attempted a connection ... "
The IP example above is not in routers log and is not in MYWEBSRV log so no idea what is suspicious about it, what triggers Armor to determine something suspicious - does this message mean its denying legit browsing ?
The main concern:
Threat - Attack - Device: MYWEBSRV
"... Armor denied access to the potentially harmful website."
does this message mean its denying legit browsing ?, I dont see anything in router logs being forwarded to MYWEBSRV that match the timestamps in the Armor alert when this occurs - I also dont see anything in web server log to indicate anyone is browsing it at time of alert , I have scanned MYWEBSRV for virus including from cold boot and used glasswire+VirusTotal uploads to scan its few apps and everything is clean, what would trigger this type of behavior's from Armor ?
