Constant Malicious Port Scanning: Intrusion Prevention
I've had this XE75 about three weeks (replaced 4 node M5) and have actived Home Shield
Over the last 48 hours I've been getting increasing Intrusion Prevention Messages and Warnings.
I have had 9 warnings today alone from my network security "Home Shield has prevented a malicious attack. Malicious port Scanning detected. I click the warning and It shows that the source MAC is a device on the network and the source IP is the address of the same device. The target IP I can't find on my network.
* Source MAC = ROON ROCK MAC
* Source IP = ROON ROCK IP
* Target IP = IP Address of a device I cannot find on my network.
I'm a music lover, entrepreneur and pastor not a network engineer. If this is an external attack why is the source MAC and IP from an internal device? Can someone tell me what this means and how to stop it. "Home Shield" keeps blocking it but frequency is increasing. I tried Isolating the device ROON ROCK (it's a music server) but of course then none of my controllers could run the sy
Anyway, any insight as to what's going on would be appreciated
I'm trying to upload the screenshots of the attacking records but I continue to get error messages that Source URL is missing. I think I figured out what is / was going on. My ROON ROCK music server has been scanning the network looking for new endpoints and music files to consolidate my library. I made an Intrusion Exception for that device and it has stopped and music playback has been far more stable.. I'll upload the logs now
I'm trying to upload the screenshots of the attacking records but I continue to get error messages that Source URL is missing. I think I figured out what is / was going on. My ROON ROCK music server has been scanning the network looking for new endpoints and music files to consolidate my library. I made an Intrusion Exception for that device and it has stopped and music playback has been far more stable.. I'll upload the logs now