TZ-370W default config spewing unsolicited messages out its WAN port

B83B83 Newbie ✭

Hi,
My factory configured TZ-370W is spewing messages out its WAN port targeting '8.8.8.8', 'google user content', and who knows what else at a rate of about 5 per second.

It's an internal firewall without Internet access and floods its surrounding devices & logs with noise. I don't like any device trying to contact external entities without explicit permission to do so.
My other (non-SonicWall) firewalls do not do this and are quiet on the network.
Is there a way I can make this TZ-370W stop this behavior?
I appreciate any helpful guidance. Thank you.

Category: Mid Range Firewalls

Best Answer

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @B83 the firewall isn't doing it by itself. You could check the TSR for any occurrence of 8.8.8.8, which gives you a hint where it's used. If it's not in the TSR then it must be generated externally, which you can find with a Packet Monitor looking for 8.8.8.8.

    My best guess would be that the DNS is configured to 8.8.8.8, but I bet you checked this already.

    —Michael@BWC

Answers

  • B83B83 Newbie ✭

    "..but I bet you checked this already." Don't bet on me on this kind of stuff! I did look, but obviously not like you experts would have. Your comment launched a more detailed search and indeed, 8.8.8.8 is the third default DNS of the TZ-370W. I learned more about this firewall, thanks. And packet details, too. It is not the TZ-370W. We proved that by removing it from the network & connecting its WAN port to a recorder... clean! Thanks very much BWC!

  • B83B83 Newbie ✭

    I apparently spoke too soon. This morning unsolicited messages were again coming out of the TZ-370W at a rate of 1 per second.
    Here is a random sample:
    ...
    75.29.39.52.in-addr.arpa name = ec2-52-39-29-75.us-west-2.compute.amazonaws.com.
    196.180.211.34.in-addr.arpa name = ec2-34-211-180-196.us-west-2.compute.amazonaws.com.
    206.248.227.44.in-addr.arpa name = ec2-44-227-248-206.us-west-2.compute.amazonaws.com.
    ...
    Configuration-
    WiFi disabled.
    No cables, except WAN (X1) to recorder.

    With the cable removed we get zero messages.
    With the cable installed we get 1 message per second from the TZ-370 WAN (X1) port.

    I am not a network expert by any stretch, so I hope someone else with a TZ-370W can
    replicate these conditions & see if this is not something I'm goofing up (highly likely).
    If real, I would like to know how to shut it off, that's for sure.
    Thanks everyone! Have a good day.
