Security Activity regarding Repeater

Follow

Fritz Bezold

• December 31, 2020 12:38

Hi,

I use the firewalla gold with my FritzBox 7590. There are a few Repeater (also from AVM) connected to the FritzBox. Now I get "Device FritzRepeater-Garage is scanning ports on device FritzBox 7590" with the "Security Activity" warning.

Is that behavior of my repeater OK or what would I have to check?

 

Greetings from germany

Fritz

0

• 

  Firewalla

  • December 31, 2020 17:54

  Do you know how the repeater works? do they NAT the devices behind them? or fake the MAC addresses?

  Also, the scanning ports alarm is triggered by one device accessing another device's ports (multiple) very quickly.   We have seen some applications may do this (for whatever reason);  So the scans may not be all bad (just bad coding)

  0

  Comment actions Permalink
• 

  Fritz Bezold

  • January 01, 2021 09:02

  Unfortunately not... it´s this on https://avm.de/produkte/fritzwlan/fritzwlan-repeater-310/ working in bridge mode and is part of a mesh network.
  
  The only devices connected to this repeater are a sauna oven and a Ring stickup cam.
  
  Do I have to be worried?

  0

  Comment actions Permalink
• 

  Firewalla

  • January 01, 2021 17:17

  Tap on devices

  Find [sauna oven]

  tap on it

  Tap on network flows, and see if there are anything going on there.

  0

  Comment actions Permalink
• 

  Fritz Bezold

  • January 02, 2021 11:03

  History showed:

  

  And Talos infos are here: https://talosintelligence.com/reputation_center/lookup?search=212.227.81.55

  Unfortunately I dont know what to do with this info. :-)

  0

  Comment actions Permalink
• 

  Firewalla

  • January 02, 2021 17:25

  Tap on the flow and see the details.  Likely these are just NTP protocol getting time.  (The size is tinny)

  0

  Comment actions Permalink

Please sign in to leave a comment.