NBG6617 - many TLS sessions to AWS

Comments

  • Edwardc
    Edwardc Posts: 55  Ally Member
    Hi sitro,

    Does your NAS542 use PPPoE?
    Can you share your network topology and detailed information about the Darkstat report?

    I checked the IP 193.253.155.25; it seems to belong to France Telecom (now Orange S.A.).
    https://en.wikipedia.org/wiki/Orange_S.A.

  • sitro
    sitro Posts: 21  Freshman Member
    edited May 2019
    Hi,
    No, the NAS doesn't use PPPoE.
    I rebooted the NAS, so I no longer have the stats about Orange. I got a new one, see below.
    Orange is my provider (ISP).
    The new one is something like this:

    193.253.155.253 (none) d4:60:e3:c8:1f:36 0 3,958,219,796 3,958,219,796 15 hrs, 23 mins, 46 sec

    In detail:
    193.253.155.253
    Hostname: (none)
    MAC Address: d4:60:e3:c8:1f:36
    Last seen: 2019-05-02 20:29:27 UTC+0000 (15 hrs, 28 mins, 57 secs ago)

    In: 0
    Out: 3,958,219,796
    Total: 3,958,219,796
    TCP ports on this host
    The table is empty.

    TCP ports on remote hosts
    The table is empty.

    UDP ports on this host
    (1-1 of 1)
    Port  | Service | In | Out           | Total
    49152 |         | 0  | 3,958,219,796 | 3,958,219,796

    UDP ports on remote hosts
    (1-2 of 2)
    Port | Service | In            | Out | Total
    8200 |         | 3,672,393,780 | 0   | 3,672,393,780
    8202 |         | 285,826,016   | 0   | 285,826,016

    IP protocols
    (1-1 of 1)
    # Protocol | In | Out           | Total
    17         | 0  | 3,958,219,796 | 3,958,219,796

    (edit: deleted previous table)
  • sitro
    sitro Posts: 21  Freshman Member
    Up, after editing the previous message.
  • sitro
    sitro Posts: 21  Freshman Member
    Recently I changed my provider.

    Now I get a network connection with: 81.253.237.117
    Last seen: 2020-05-09 09:47:17 UTC+0000 (2 hrs, 23 mins, 42 secs ago)

    In: 0
    Out: 185,073,997,412
    Total: 185,073,997,412
    UDP ports on this host (1-1 of 1)
    Port  | Service | In | Out             | Total
    49152 |         | 0  | 185,073,997,412 | 185,073,997,412

    UDP ports on remote hosts (1-2 of 2)
    Port | Service | In              | Out | Total
    8200 |         | 171,711,231,912 | 0   | 171,711,231,912
    8202 |         | 13,362,765,500  | 0   | 13,362,765,500

    No idea what it might be?
  • KevinZE
    KevinZE Posts: 27  Freshman Member
    Is the IP 81.253.237.117 the WAN IP of your modem?
    What is your topology? How do you connect your NAS in your network?
  • KevinZE
    KevinZE Posts: 27  Freshman Member
    What model is your gateway?
    Can you set a firewall on your gateway? If you can, please set the firewall, stop the traffic from that IP, and also block port 49152.
    Does this traffic keep happening after the firewall is set?
  • sitro
    sitro Posts: 21  Freshman Member
    Yes, I think the external address of the modem is this one: 81.253.237.117.
    The modem is also the router; it is proprietary, so I cannot install a firewall on this router.
    Maybe it is the UPnP server (Twonky) that causes this traffic.
    I don't understand why it is not the internal address of the modem (192.168.1.254) that is seen.

  • KevinZE
    KevinZE Posts: 27  Freshman Member
    If you run some DDNS or have access to the NAS from the WAN set up, it is possible that all the traffic heads to the WAN IP.
    Do you access the NAS from the WAN? For example, watching NAS videos or downloading files to the NAS from the WAN?
    And how do you view that data from darkstat? Did you install darkstat on a LAN device or on the NAS?
  • sitro
    sitro Posts: 21  Freshman Member
    That's right, I have a DDNS, even if I don't use it. But I don't access the NAS from the WAN, neither to get files nor to watch video.
    darkstat is a module of the NAS (if I remember, it's a module from metarepository), installed on the NAS.