× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: NAS Connecting to Unknown IP

mitchlee83
Aspirant

NAS Connecting to Unknown IP

My router shows that my ReadyNAS is initiating a TCP outbound connection to the following IPs:

206.16.42.240:443
206.16.42.239:443

I have no idea what these IPs are and have been unable to find anything out about them via Google or reverse IP lookup. The IP resolves to a TomCat installation success page.

Should I be worried? Should I block these IP addresses?

Thanks
Message 1 of 11
TeknoJnky
Hero

Re: NAS Connecting to Unknown IP

Message 2 of 11
mitchlee83
Aspirant

Re: NAS Connecting to Unknown IP

Thanks TeknoJnky, I saw that post, but I'm not content with the explanation provided by that post:

1) that is the only post anywhere on the Internet regarding either of these two IPs. If this were a legitimate service request, you'd think there'd be more pages discussing it.

2) if a hacker wanted to ease a target's mind, the easiest thing they could do would be to post a single, short explanation to a forum.

3) I don't use leafp2p.

4) one would think that ReadyNAS Remote wouldn't use an unknown IP address that can't be resolved in any way to a specific legitimate owner / organization.

5) the poster restarted their machine and noticed the connection was gone. that doesn't really prove any correlation to the fact they uninstalled a component.

Maybe I'm too paranoid, but this single post isn't enough to reassure me.

It seems very peculiar to me that a legitimate service would be making calls to such an undisclosed source and that only one post on all the Internet would offer an explanation so
Message 3 of 11
mitchlee83
Aspirant

Re: NAS Connecting to Unknown IP

Also, I forgot to mention that something has been overloading my network recently, requiring me to restart my router or disconnect machines to restore the connection. This could could be explained by someone downloading massive amounts of information from the NAS.
Message 4 of 11
amac27
Aspirant

Re: NAS Connecting to Unknown IP

I would suggest that you set a static ip on your NAS and check if any of the computers in the network is compromised. It would be best to isolate the network devices to pin point which is causing the network problem.

Also check the firewall setting in the router.
Message 5 of 11
flyvert
Aspirant

Re: NAS Connecting to Unknown IP

Hi Mitch,

I can only reassure that I connected the foreign IP addresses to be used by ReadyNAS Remote. I guess it needs to login to a remote server hosting the ReadyNAS Remote authentication and tracking servicde to allow ReadyNAS Remote clients to find their way back to your NAS's public IP address (which may change due to your ISP rules, DHCP, et.c). HTTPS (port 443) is used to secure the connection and prevent unauthorized sniffing of the traffic.

If you want to go to bottom with this problem and is unable to get assistance from your vendor of NAS I suggest that you install the SSH add-on and login to it via e.g. PuTTY (freeware SSH client) and type some simple UNIX commands (or call a friend that can provide you with this if you unsure how to do it).

Then use the "netstat" command to trace in and outgoing connections.
The "-c" option causes netstat to loop continously (until you press CTRL-C).

Below is an example from my NAS
# netstat -p -c
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:40091 localhost.localdoma:nut ESTABLISHED2561/upsmon
tcp 0 0 localhost.localdo:54337 localhost.localdoma:ipp TIME_WAIT -
tcp 0 0 localhost.localdoma:nut localhost.localdo:40091 ESTABLISHED2543/upsd
tcp 0 0 MyNAS:microsoft-ds 192.168.0.200:62299 ESTABLISHED20440/smbd
tcp 0 0 localhost.localdo:54336 localhost.localdoma:ipp TIME_WAIT -
tcp6 0 148 MyNAS:ssh ::ffff:192.168.0.:62291 ESTABLISHED20350/0

The only external connections are MICROSOFT-DS (Windows File Sharing) and SSH to my laptop.

The "-p" option adds the PID/program name responsible for making outgoing connections or accepting incoming.

I believe you will see that the suspected connections you are seeing are caused by leafp2p (something ReadyNAS Remote drags in).

I also believe that you have ReadyNAS Remote and that removing it + rebooting the device will remove these connections.

/f
Message 6 of 11
mitchlee83
Aspirant

Re: NAS Connecting to Unknown IP

Thank you flyvert for the very thorough explanation. I was not aware that ReadyNas Remote would install leafp2p automatically.

Have a great day!
Message 7 of 11
TeknoJnky
Hero

Re: NAS Connecting to Unknown IP

remote and replicate both make use of leafp2p, which is the virtual private network system that netgear bought a couple years back.
Message 8 of 11
mitchlee83
Aspirant

Re: NAS Connecting to Unknown IP

For anyone who happens across this post, my friend also brought the following to my attention:

They look very close to the IP of readynas.com.

$ ping readynas.com
PING readynas.com (206.16.42.227): 56 data bytes
Message 9 of 11
flyvert
Aspirant

Re: NAS Connecting to Unknown IP

http://whatismyipaddress.com/ip/206.16.42.227 - Official http://www.readynas.com site
http://whatismyipaddress.com/ip/206.16.42.239 - ReadyNAS Remote, Replicate (LeafP2P)
http://whatismyipaddress.com/ip/206.16.42.240 - ReadyNAS Remote, Replicate (LeafP2P)

All seem to be registered near Eden Prairie, Minnesota, US

/f
Message 10 of 11
chaveiro
Aspirant

Re: NAS Connecting to Unknown IP

If you dont want to use ReadyNAS Remote or Replicate just install ssh access and Issue :
apt-get remove leafp2p
Message 11 of 11
Top Contributors
Discussion stats
  • 10 replies
  • 1632 views
  • 0 kudos
  • 5 in conversation
Announcements