Reply
Highlighted
Aspirant

Armor vulnerability scan triggers temporary blacklisting on my NAS

The Armor vulnerability scanning feature is nice  and a useful add-on, however: when it scans my NAS, the NAS interprets it as an attack and blocklists it for a few minutes... which then Armor interprets being blocked as having successfully detected a vulnerability.   Is there a way to tell Armor to leave my NAS alone?  I hesitate to whitelist the router on my NAS.

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 3
Highlighted
NETGEAR Moderator

Re: Armor vulnerability scan triggers temporary blacklisting on my NAS

Hi mthome, 

 

Curious to know, is Armor blocking the NAS every time there is a vulnerability scan and does it only happen on that particular NAS?

 

Thanks,

Christian 

Message 2 of 3
Highlighted
Aspirant

Re: Armor vulnerability scan triggers temporary blacklisting on my NAS

As far as I can tell, every vulnerbilty scan results in the NAS box putting the router   in the doghouse for a few minutes (The NAS logs report a possible attack) and then the router reporting the fact that it was blocked as evidence of a successful DOS/overflow vulnerability.   I understand and even approve of what both devices are doing, but, for instance, when my commercial ASV scanner runs against  our production resources, I can tell the vendor to throttle their probes or stop making  a particular attack on a specific host.   Whitelisting is the wrong  answer, just like I'd never tell my production servers "oh, don't worry about those DMZ hosts - they're totally never going to be owned."

 

Message 3 of 3
Top Contributors
Discussion stats
  • 2 replies
  • 217 views
  • 0 kudos
  • 2 in conversation
Announcements