
QNAP NAS triggering C2/Generic-A

Hi,

I have a QNAP NAS device on my network, and over the last couple of months (possibly since the upgrade to UTM 9.2 although I'm not 100% sure of that correlation) I've been getting intermittent C2/Generic-A notifications from the UTM Advanced Threat Protection service with the QNAP as the source IP.  The destination IP associated with this warning is 95.211.192.195, which a reverse lookup shows as lw45.ua-hosting.com.ua (apparently a Ukrainian web hosting company).

For now I'm just ignoring these warnings and letting the UTM drop this traffic, but I was curious if anyone else has seen this since QNAP devices are quite popular, and whether there really is something fishy going on here.  I'll also ask QNAP support the same question to see if there's a legitimate purpose for accessing this IP.

Thanks!
Martin.


This thread was automatically locked due to age.
  • I have to congratulate your observation skills. Bravo.

    In the end, has the question received a definite answer? I checked the QNAP forum and there is no answer there either.

    So, is it a false positive or is it a genuine issue?

    You had 2 years to think about it, as you have noticed. Do you have an answer?

    Does anyone else?

    Can Sophos AV be installed on the QNAP system?

  • I didn't mean to be offensive, but there's a big chance the original poster will not see your reply or even know about the answer anymore should there be one.

    It's most likely not a false positive, so I would check your NAS. I don't know whether you can or cannot install Sophos AV on it, but you can also scan all its files from a workstation connected to it, and I believe QNAP also has a virus scanner built in to its firmware.

    And no, I didn't have 2 years to think about it since I have never seen this thread before (or at least do not remember seeing it before). Anyway thanks for the congratulations.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT security and feeling good helping others with their IT security challenges.