Ingress Firewall vs Custom Rule
I recently noticed that my country block rule for Romania has registered almost 2.2 million hits since November 25th, 2023. In contrast, my Ingress settings indicate just over 2,000 hits during the same period. From my understanding, Ingress tracks incoming connections, so this suggests around 2,000 blocked incoming attempts.
Given the large number of hits on the Romania rule, could this be indicating that an application within my network is attempting to connect repeatedly to an external server in Romania? How can I identify the source of these outbound attempts?
Thanks in advance,
-
Yes, likely a device is making the attempts.
Regarding how to track it down, see this article https://help.firewalla.com/hc/en-us/articles/1500007220942-Firewalla-Blocked-Flows
-
My Wyze cameras constantly try to connect to Romania and other countries like Canada. Likewise, my Synology QuickConnect was constantly trying to connect to Chechnya, but when I investigated the IP, it was just outside NYC. The reality is that country geo-coding is of marginal value. IP owners change, and you have to look up the IP to see who owns it and where.
Please sign in to leave a comment.
Comments
3 comments