Jump to content
Guides for the Forum ×
Poradniki na Forum ×

Welcome to Smart Home Forum by FIBARO

Dear Guest,

 

as you can notice parts of Smart Home Forum by FIBARO is not available for you. You have to register in order to view all content and post in our community. Don't worry! Registration is a simple free process that requires minimal information for you to sign up. Become a part of of Smart Home Forum by FIBARO by creating an account.

 

As a member you can:

  •     Start new topics and reply to others
  •     Follow topics and users to get email updates
  •     Get your own profile page and make new friends
  •     Send personal messages
  •     ... and learn a lot about our system!

 

Regards,

Smart Home Forum by FIBARO Team


Guest Message by DevFuse

Fibaro HC2 and IDS

candrea77

By candrea77
in Home Automation

 Share

Recommended Posts

candrea77    26

candrea77
Posted

Anyone are using Fibaro in a Network where is present an IDS ?

 

I can see a lot of PSNG_TCP/UDP/ICMP_PORTSWEEP_FILTERED all started from the IP address of my HC2

 

I'm free to block this packet ?

Why my HC2 is doing portsweep over Internet ?

candrea77    26

candrea77
  • Topic Author
    • Author
    Posted

    This is the destination address of the PORTSWEEP traffic :

     
    98.137.200.255
    149.3.177.57
    54.88.155.198
    109.95.152.167

     

    Maybe some Fibaro Guys can help us to understand this traffic ?

    chaicka    195

    chaicka
    Posted

    98.137.200.255 - Yahoo, may be this is for the Yahoo weather API?

    149.3.177.57 - Hong Kong? No idea, suspicious traffic.

    54.88.155.198 - ??? Suspicious traffic.

    109.95.152.167 - Poland, may be this is Fibaro's servers.

    fi-bar-oh    47

    fi-bar-oh
    Posted

    This is the destination address of the PORTSWEEP traffic :

    98.137.200.255

    149.3.177.57

    54.88.155.198

    109.95.152.167

    Maybe some Fibaro Guys can help us to understand this traffic ?

    You use thingspeak and have Italian ISP

    candrea77    26

    candrea77
  • Topic Author
    • Author
    Posted
    Yes , you are right ....

    I use thingspeak and I'm using italian ISP. 

     

    So I can assume the traffic is OK and leave it unblocked ?

     

    But no other PC i my network are doing portscan over internet .... and all the device are using DNS .....

    Also all device are using some service on internet (netflix / ssh / citrix / and so on) .... and no other one trigger the IDS with portscan.

     

    So , What's the meaning ?

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Reply to this topic...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×
     Share
    Go to topic listing
    ×
    ×
    • Create New...