Abnormal uploads

Comments

4 comments

  • Avatar
    Firewalla

    Ring is a special case, it is really hard for us to get a pattern out of it.   Here is a thread and some quick solutions that may help.

    https://help.firewalla.com/hc/en-us/community/posts/360030411213-Constant-Alerts-on-Ring-Doorbell-Abnormal-Uploads-

     

    1
    Comment actions Permalink
  • Avatar
    Chris Hewitt

    Don't assume that all destinations to Amazon in USA or UK are "genuine". They are a cloud hosting service and any threat actor with a credit card can host malicious software there.

    1
    Comment actions Permalink
  • Avatar
    Dan Blue

    Ok thanks for that, will check that thread out and try the workarounds

    @Chris yes that is true, mostly mine are going to *.ring.com but some are IP addresses (which are Amazon AWS according to Talos) so some could be in rogue in theory, but it has been consisten from day 1 least

     

    Thanks

    0
    Comment actions Permalink
  • Avatar
    David Bell

    I just "fixed" this today using advice from the other thread.
    Look at the first two numbers of the IP address it's talking to. All of mine have been to a location in Portland OR.
    Go into Rules, Add Rule, Allow, under "set a target", IP Address Range, enter in the form xx.xx.0.0/16, then select this to only apply to the Ring device, then Save.
    I have been able to block everything so far with only two rules. I'm sure others will eventually pop up. Amazon picks the specific addresses depending on where you live.

    0
    Comment actions Permalink

Please sign in to leave a comment.