Best Of
Re: www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com
@electsystech thanks for joining the discussion.
The number of oooo in my case is always the same (3 different organizations' firewalls).
If I google that domain it gives almost no results, and this makes me think that it's a rare problem, but the fact that 3 different Android phones of 3 different users connect to this domain lets me think that thousands of people are getting this little problem.
One idea is to compare the apps installed on each phone to find what is in all 3, but it's not so easy since they are different sites, as I already mentioned.
Another idea is to find some Android app that acts like a firewall on the phone, catching who is connecting to whom, but I have no knowledge of it.
Last idea would be to put a computer with Wireshark between an access point dedicated only to that mobile and the router and look for many ooooooooooooooooo, but you need both time and experience, and usually having one means not having the second 🙄
As I said, a workaround would be a firewall policy to block the IP (I think that firewall policies work before the subscription services, so the infamous connection would be blocked before the DNS Filtering check), but: 1) I don't know if that IP hosts many sites 2) I prefer solutions to workarounds ;-)
PS I confirm that no one ever complained, I'm probably the only one since I receive too many alerts via email
Re: www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com
Hello @zyman2008, your solution for avoiding the logs is smart and I'm likely to click "solved". I just wonder how we can understand which app is asking for it (if it's an app and not the system itself).
www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com
Hello community!
We usually configure ATP firewalls on-premise and we usually activate all 3 features of IP reputation (IP reputation, DNS filtering, URL filtering).
Since 5.37 ABPS.1 we have been receiving many, many alerts every day from different managed firewalls (different organizations, different devices) like this one:
192.168.6.106:41625 —>192.168.6.1:53
alert dns-filter DNS REDIRECT
www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com:Malicious Sites
As far as we checked this traffic is always from an Android mobile phone.
As far as I know almost nobody talks about this domain online, but I cannot believe that this is not impacting many persons, since we receive alerts from many of our clients with the latest fw version, if not all.
None of our clients complained of something not working on their mobile phone even if this domain is blocked.
- Does anybody know which application/process asks for this website so many times a day?
- Does anybody know if this website is really dangerous or can we whitelist it to avoid all these emails?
- Does anybody have a way to understand which Android application is asking for a URL (apart from using Wireshark)?
- Is there a way to stop email alerts for just one domain? My only idea is to block the IP address of this domain (actually 3.3.130.190), but I do not know if this server hosts thousands of websites…
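An added example, not part of the original post: Python that parses alert text in the three-line layout quoted above and reports, per flagged domain, which clients looked it up, how often, and the longest repeated-character run, so alerts collected from different firewalls can be compared. The sample alerts are constructed; the second client address and the `.example` domain are made up for illustration.

```python
import re
from collections import defaultdict
from itertools import groupby

# Domain exactly as it appears in the alert quoted in the post.
PAGE_DOMAIN = "www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com"
CONSTRUCTED_DOMAIN = "www.g" + "o" * 5 + "gle.example"  # constructed, not from the page
# Constructed sample alerts (second client address made up); \u2014 is the page's arrow dash.
SAMPLE_ALERTS = f"""\
192.168.6.106:41625 \u2014>192.168.6.1:53
alert dns-filter DNS REDIRECT
{PAGE_DOMAIN}:Malicious Sites
192.168.6.120:50312 -->192.168.6.1:53
alert dns-filter DNS REDIRECT
{PAGE_DOMAIN}:Malicious Sites
192.168.6.106:41702 -->192.168.6.1:53
alert dns-filter DNS REDIRECT
{CONSTRUCTED_DOMAIN}:Malicious Sites
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW = re.compile(rf"^({IPV4}):\d+\s*(?:\u2014|-+)>\s*{IPV4}:53$")
VERDICT = re.compile(r"^(\S+?):([^:]+)$")

def parse_alerts(text):
    """Yield (client_ip, domain, category) per complete dns-filter alert."""
    client, armed = None, False
    for line in map(str.strip, text.splitlines()):
        if flow := FLOW.match(line):
            client, armed = flow.group(1), False
        elif line.startswith("alert dns-filter"):
            armed = client is not None
        elif armed and (hit := VERDICT.match(line)):
            yield client, hit.group(1).lower(), hit.group(2)
            client, armed = None, False

def longest_run(domain):
    """Return (char, length) of the longest repeated-character run."""
    return max(((c, len(list(g))) for c, g in groupby(domain)), key=lambda r: r[1])

def summarize(text):
    """Map each flagged domain to its clients, hit count, category, run."""
    report = defaultdict(lambda: {"clients": set(), "hits": 0})
    for client, domain, category in parse_alerts(text):
        entry = report[domain]
        entry["clients"].add(client)
        entry["hits"] += 1
        entry.update(category=category, run=longest_run(domain))
    return dict(report)
```

Running `summarize` over the alert text from each site and comparing the `run` and `clients` values shows whether the firewalls are flagging the same name and which devices generate the lookups.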
Re: Massive Packet Loss/TCP drops with NWA220AX-6E under FW 7.00
We had the same problem with an installation with 6 NWA220AX. Massive problems with the connection establishment and interruptions. The problem started with the automatic update to V7 in July.
After downgrading to V6 everything was fine again.
NAS542 - Unable to connect to myZyxelCloud
I'm running a NAS542, V5.21(ABAG.15), and I ping correctly in Network Diagnosis and the router is detected as UPNP.
I read the cloudagent.log and found this error:
[2024/10/16-12:39:36] pair status checking: "NON-PAIRED" and no cloud user exists, do nothing
[2024/10/16-12:39:37] connection disconnected: Error: 15 Reason: SSL peer presented an invalid certificate
[2024/10/16-12:39:37] re-connect delay time: 39958 ms
[2024/10/16-12:40:53] RESTFUL: device register success, and http code is 200
[2024/10/16-12:40:53] agent reconnect: restful success
[2024/10/16-12:40:53] sync pair status "NON_PAIRED"
[2024/10/16-12:40:55] NAT type detect:5, Hairping:0 [52.5.137.202]
[2024/10/16-12:40:55] pair status checking: "NON-PAIRED" and no cloud user exists, do nothing
[2024/10/16-12:40:55] re-connecting...
What can I do?
Thanks, Ivano
Re: NAS542 - Unable to connect to myZyxelCloud
I have the same problem and my log file looks the same
Re: Nebula Cloud Service Incident 2024-10-25 01:38 - 09:30 (UTC+0)
Dear Nebula Users,
The incident has been resolved.
Resolved: 2024-10-25 09:30 (UTC+0)
Re: Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Affected Products:
ATP, USG FLEX Series in On-Premise Mode with remote management or SSL VPN enabled, at any point of time in the past, and whose admin user credentials have NOT been updated or do not have 2FA enabled.
Those running the Nebula cloud management mode are NOT affected.
Affected Firmware Version: ZLD V4.32 to ZLD 5.38
It is indicated that the ATP and FLEX series are vulnerable. The Zywall series is not mentioned.
Nebula Cloud Service Incident 2024-10-25 01:38 - 09:30 (UTC+0)
Dear Nebula Users,
The system had some issues due to an incident.
Issue Started from:
2024-10-25 01:38 (UTC+0)
Resolved:
2024-10-25 09:30 (UTC+0)
Issue Symptom & Risk:
- Some pages are unable to load successfully.
- Partial users are unable to login.
- We are under maintenance, user cannot access to Nebula control center.
- Monitor data might not be updated after removing the maintenance page.
- During network incidents, the Nebula Control Center continues to collect data but there may be gaps in data reporting.
Note: This incident does not affect Nebula devices and their local network services if there is no configuration change.
If you observe any issues that do not match the symptoms & risks mentioned above, please contact @Zyxel_CSO
We apologize for any inconvenience this has caused.
Zyxel Nebula Support
Re: 2 IP wan with PPPOE on usg flex 700 (not H series)
Hello
Thank you for your answer.
Sincerely,
Fabrice