Hello, I'm new here so not sure if this should be posted in "General" or somewhere else. I just wanted to alert Firewalla that my Gold device started suddenly alerting me every 16 minutes that my Amazon Echo device is performing "phishing activity" by trying to hit IP 22.214.171.124 over port 123 (NTP). This seems like a possible false positive? Since it's every 16 minutes, that seems like a possibly normal NTP polling interval. Additionally, this Reddit thread seems to have identified similar behavior with another Amazon device, an Eero, going to the same IP pool that is legitimate NTP traffic.
I'm going to mute this alert, but I thought perhaps the Firewalla folks may want to know since it just started happening in the last day or two, like something changed with definitions or signatures or something.
Please sign in to leave a comment.