Traffic to ReadyNAS being blocked

baronfunke
Aspirant

Traffic to ReadyNAS being blocked

Hello - I am running Symantec Endpoint Protection on my workstation, and it is periodically (regularly) blocking traffic from my ReadyNAS 312.  The error message I get is:

Somebody is scanning your computer.
Your computer's UDP ports:
63778, 64897, 50252, 58446 and 56153 have been scanned from *IP of ReadyNAS*

 

It looks like it only affects the computers on which I have the "workstation" version of SEP installed, which includes the Proactive Threat Protection and Network Threat Protection modules.  I don't have any apps installed on the ReadyNAS, so I'm not sure what part of its system would be scanning those ports, but I'm mostly curious if that is a known port request or if there's something malicious on my ReadyNAS.  Thanks!

Model: RN31200|ReadyNAS 300 Series 2-Bay
Message 1 of 7
Chetan67
Aspirant

Re: Traffic to ReadyNAS being blocked

Hi,

 

I am Chetan Savade from the Symantec Technical Support team. You can send me Network Threat Protection (NTP) traffic logs to review. Send logs to chetan_savade@symantec.com.

Navigate to SEP client GUI --> NTP --> Options --> View Logs --> Traffic log

 

If you feel it's legitimate traffic, set up the ReadyNAS in the excluded list.

 

Message 2 of 7
baronfunke
Aspirant

Re: Traffic to ReadyNAS being blocked

Thanks, Chetan,

 

Oddly enough this only happens on one workstation, which is physically connected to the same switch - another workstation further up the network chain with the same anti-virus client has no problems.  I would gladly add an exception to my SEP client, but it doesn't allow me to add folder exceptions unless it can connect to the folder (which it can't once the IP has been blocked [which is done as soon as I connect to the computer]).

 

Honestly, I think it's a question that could be answered by Netgear - are the ports listed in the original post used by any applications or services on the ReadyNAS, and if so, what are they?

Message 3 of 7
StephenB
Guru

Re: Traffic to ReadyNAS being blocked


@baronfunke wrote:

 

Honestly, I think it's a question that could be answered by Netgear - are the ports listed in the original post used by any applications or services on the ReadyNAS, and if so, what are they?


I agree that Netgear should be able to provide some info on port use.  All the ports on your list are reserved for private use, so it's not clear to me why the NAS would be probing them.  If you have UPnP enabled as a service, perhaps disable that.

 

But I'd also accept Chetan's offer to help you analyze.  SEP can be quite aggressive on blocking traffic.  My client has blocked SVChost outbound, and also blocked my network printer.  Unfortunately I don't have the authorization needed to customize its rules/policies.  Eventually I found that turning off network discovery features in the printer solved that particular problem.

 

 

 

 

Message 4 of 7
baronfunke
Aspirant

Re: Traffic to ReadyNAS being blocked

Thought I had something there with UPnP, but nope - I only have NFS, SMB and HTTP/S enabled.

 

This workstation also has PeerBlock installed on it, as it is my RDP landing computer (the only thing that really differentiates it from my other workstations), but the errors and blockage are definitely coming from SEP.

 

I'd definitely take the help offered by Chetan, I'm just not sure how I would go about checking it.

Message 5 of 7
baronfunke
Aspirant

Re: Traffic to ReadyNAS being blocked

Just checked the workstation and it looks like PeerBlock isn't even installed, so that's a non-starter as well.

Message 6 of 7
steveoelliott
Luminary

Re: Traffic to ReadyNAS being blocked

Just found this... Did Chetan come back to you regarding this?

Message 7 of 7