Is my Flex 100 hacked? Traffic out of the blue blocked

tesagig Posts: 56  Ally Member
edited January 2023 in Security
Today, all clients started to have issues getting to the "internet".
No matter what web page was requested, the Flex content filter blocked it. After disabling the content filter, basic web is working again, somewhat...

However, special port requirements are blocked, although configured to be allowed for outbound traffic, e.g.:

2023-01-05 18:25:57
alert
Warning web sites
ocsp.sca1b.amazontrust.com:Service is unavailable: query timeout, Rule_name:General_Internet, SSI:N (Content Filter)
x.x.x.x.x:55868
18.172.124.219:80
WEB WARNING



or

2023-01-05 18:36:35
alert
Warning web sites
gateway.zscloud.net:Service is unavailable: query timeout, Rule_name:General_Internet, SSI:N (Content Filter)
x.x.x.x.x:61482
165.225.56.27:80
WEB WARNING




2023-01-05 18:41:19
alert
Warning web sites
time.cp.dyson.com:Service is unavailable: query timeout, Rule_name:General_Internet, SSI:N (Content Filter)
x.x.x.x:58852


Netflix doesn't work either.

I get those warnings (which block) even after disabling content filter.


I am a bit at a loss what happened (with no config change ...)


As a temporary "workaround" I disabled the "home_office" profile.


All Replies

  • tesagig
    Or was there some Zyxel outage?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 798  Zyxel Employee
    Hi @tesagig,
    Greetings forum. Please kindly provide remote GUI access to check.
    Please see the inbox. You can restrict those IP addresses.
    Thank you
    Kevin
  • Zyxel_Kevin
    Hi @tesagig
    Thanks for your remote access. Currently the problem seems to be gone.
    We suspect that there may have been a connection issue with the update server at that time.
    We're investigating that and will update when there is any news. Thank you
    Kevin
