TZ-370W transmitting unsolicited messages from WAN
B83
Newbie ✭
I thought this wasn't happening & closed an earlier post of mine but again this week unsolicited messages were again coming out of the TZ-370W at a rate of 1 per second.
Here is a random sample:
...
75.29.39.52.in-addr.arpa name = ec2-52-39-29-75.us-west-2.compute.amazonaws.com.
196.180.211.34.in-addr.arpa name = ec2-34-211-180-196.us-west-2.compute.amazonaws.com.
206.248.227.44.in-addr.arpa name = ec2-44-227-248-206.us-west-2.compute.amazonaws.com.
...
Configuration-
WiFi disabled.
No cables, except WAN (X1) to recorder.
With the cable removed we get zero messages.
With the cable installed we get 1 message per second from the TZ-370 WAN (X1) port.
I am not a network expert by any stretch, so I hope someone else with a TZ-370W can
replicate these conditions & see if this is not something Im goofing up (highly likely).
If real I would like to know how to shut it off, that's for sure.
Thanks everyone! have a good day
Best Answer
-
CORRECT ANSWERMarkD
Cybersecurity Overlord ✭✭✭
The firewall by design will talk to the internet for its internal service, its not unsolicited its required by the appliance,
License management
Internal DNS
Timesync
security services.
etc….
To monitor these, use the Monitor/Tools and Monitors/Packet Monitor/ Advanced Monitor Filter
Enable this to include firewall generated packets in the capture. NOTE: This is needed if firewall generated packets need to be captured even if other capture filters fail to match. This includes packets generated by HTTP(S), L2TP, DHCP servers, PPP, PPPOE, routing, etc. These are marked with (s) in the incoming interface section of the captured packets list window if coming from the system stack, otherwise the incoming interface is not specified
1
Answers
It's outta here then! Thanks very much, MARKD