TZ-370W default config spewing unsolicited messages out its WAN port
Hi,
My factory configured TZ-370W is spewing messages out its WAN port targeting '8.8.8.8', 'google user content', and who knows what else at a rate of about 5 per second.
It's an internal firewall without Internet access and floods its surrounding devices & logs with noise. I don't like any device trying to contact external entities without explicit permission to do so.
My other (non-SonicWall) firewalls do not do this and are quiet on the network.
Is there a way I can make this TZ-370W stop this behavior?
I appreciate any helpful guidance. Thank you.
Best Answer
BWC Cybersecurity Overlord ✭✭✭
@B83 the Firewall isn't doing it by itself, you could check the TSR if there is any occurrence of 8.8.8.8 which gives you a hint where it's used. If it's not in the TSR then it must be generated externally, which you can find with a Packet Monitor looking for 8.8.8.8.
My best guess would be that the DNS is configured to 8.8.8.8, but I bet you checked this already.
—Michael@BWC
Answers
"...but I bet you checked this already." Don't bet on me on this kind of stuff! I did look, but obviously not like you experts would have. Your comment launched a more detailed search and indeed, 8.8.8.8 is the third default DNS of the TZ-370W. I learned more about this firewall, thanks. And packet details, too. It is not the TZ-370W. We proved that by removing it from the network & connecting its WAN port to a recorder... clean! Thanks very much BWC!
I apparently spoke too soon. This morning unsolicited messages were again coming out of the TZ-370W at a rate of 1 per second.
Here is a random sample:
...
75.29.39.52.in-addr.arpa name = ec2-52-39-29-75.us-west-2.compute.amazonaws.com.
196.180.211.34.in-addr.arpa name = ec2-34-211-180-196.us-west-2.compute.amazonaws.com.
206.248.227.44.in-addr.arpa name = ec2-44-227-248-206.us-west-2.compute.amazonaws.com.
...
Configuration:
WiFi disabled.
No cables, except WAN (X1) to recorder.
With the cable removed we get zero messages.
With the cable installed we get 1 message per second from the TZ-370 WAN (X1) port.
I am not a network expert by any stretch, so I hope someone else with a TZ-370W can replicate these conditions & see if this is not something I'm goofing up (highly likely).
If real, I would like to know how to shut it off, that's for sure.
Thanks everyone! Have a good day.
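An added example, not part of the original thread: one way to triage reverse-lookup output like the sample quoted above is to recover each destination address from its `in-addr.arpa` name, check that an EC2-style PTR name embeds the same address, and count destinations per region. The function names are hypothetical, and the fourth input line is constructed to show a non-EC2 name.

```python
import ipaddress
import re
from collections import Counter

# The three PTR lines quoted in the post, plus one constructed line.
SAMPLE = """\
75.29.39.52.in-addr.arpa name = ec2-52-39-29-75.us-west-2.compute.amazonaws.com.
196.180.211.34.in-addr.arpa name = ec2-34-211-180-196.us-west-2.compute.amazonaws.com.
206.248.227.44.in-addr.arpa name = ec2-44-227-248-206.us-west-2.compute.amazonaws.com.
10.2.0.192.in-addr.arpa name = host.example.net.
"""  # last line is constructed (192.0.2.10 is a documentation address)

PTR_LINE = re.compile(r"^\s*((?:\d{1,3}\.){4})in-addr\.arpa\s+name\s*=\s*(\S+?)\.?\s*$")
EC2_NAME = re.compile(r"^ec2-(\d+)-(\d+)-(\d+)-(\d+)\.([a-z0-9-]+)\.compute\.amazonaws\.com$")


def parse_ptr_lines(text):
    """Return one dict per PTR line: destination IP, PTR name, EC2 region if any."""
    records = []
    for line in text.splitlines():
        m = PTR_LINE.match(line)
        if not m:
            continue  # skips "..." and anything that is not a PTR answer
        # in-addr.arpa labels are the IPv4 octets in reverse order
        octets = m.group(1).rstrip(".").split(".")[::-1]
        try:
            ip = ipaddress.IPv4Address(".".join(octets))
        except ipaddress.AddressValueError:
            continue  # malformed octets, not a usable destination
        name = m.group(2).lower()
        ec2 = EC2_NAME.match(name)
        region = ec2.group(5) if ec2 else None
        # An EC2-style name embeds the address; flag records where it disagrees.
        matches = ec2 is None or ".".join(ec2.group(1, 2, 3, 4)) == str(ip)
        records.append({"ip": str(ip), "name": name,
                        "region": region, "name_matches_ip": matches})
    return records


def summarize(records):
    """Count destinations per EC2 region; other name forms are grouped as 'other'."""
    return Counter(r["region"] or "other" for r in records)


if __name__ == "__main__":
    recs = parse_ptr_lines(SAMPLE)
    for r in recs:
        print(r)
    print(dict(summarize(recs)))
```

The resulting address list can be used as a filter in a packet monitor to see which internal source triggers each lookup.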