boxer74 Posted November 24, 2021

Every few hours, I see the following messages in my syslog:

Nov 24 09:36:59 ur1 rsync[6282]: connect from 192.168.2.1 (192.168.2.1)
Nov 24 09:36:59 ur1 vsftpd[6281]: connect from 192.168.2.1 (192.168.2.1)
Nov 24 09:36:59 ur1 rsyncd[6282]: forward name lookup for DreamMachine.localdomain failed: Name or service not known
Nov 24 09:36:59 ur1 rsyncd[6282]: connect from UNKNOWN (192.168.2.1)
Nov 24 09:37:10 ur1 smbd[6284]: [2021/11/24 09:37:10.442874, 0] ../../source3/smbd/process.c:341(read_packet_remainder)
Nov 24 09:37:10 ur1 smbd[6284]: read_fd_with_timeout failed for client 192.168.2.1 read error = NT_STATUS_END_OF_FILE.
Nov 24 09:39:22 ur1 vsftpd[7804]: connect from 192.168.6.1 (192.168.6.1)
Nov 24 09:39:22 ur1 rsync[7805]: connect from 192.168.6.1 (192.168.6.1)
Nov 24 09:39:23 ur1 rsyncd[7805]: forward name lookup for DreamMachine.localdomain failed: Name or service not known
Nov 24 09:39:23 ur1 rsyncd[7805]: connect from UNKNOWN (192.168.6.1)
Nov 24 09:39:33 ur1 smbd[7807]: [2021/11/24 09:39:33.981382, 0] ../../source3/smbd/process.c:341(read_packet_remainder)
Nov 24 09:39:33 ur1 smbd[7807]: read_fd_with_timeout failed for client 192.168.6.1 read error = NT_STATUS_END_OF_FILE.

192.168.2.1 is my LAN gateway IP. 192.168.6.1 is a VLAN gateway IP for the VLAN on my UniFi network that all my docker containers are isolated on. I have firewall rules that prevent communication from the docker VLAN to my LAN. I have WireGuard running on Unraid and set up a static route as well as allowed host communication with docker containers using custom networks as recommended in setup instructions.

Any ideas what is causing these constant connection attempts?

ZinE Posted December 23, 2021

I'm having the same question. I'm also seeing a lot of the following in my log:

Dec 23 12:57:10 Tower smbd[11525]: read_fd_with_timeout failed for client 192.168.1.1 read error = NT_STATUS_END_OF_FILE.
Dec 23 12:57:10 Tower smbd[11526]: [2021/12/23 12:57:10.801300, 0] ../../source3/smbd/process.c:341(read_packet_remainder)

192.168.1.1 is my gateway. It's a udm pro with threat management, traffic & device inspection enabled.

JonathanM Posted December 23, 2021

> 14 minutes ago, ZinE said:
> It's a udm pro with threat management, traffic & device inspection enabled.

If I had to guess, I'd say your UDM is "helpfully" attacking your server.
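
As an added example that is not part of any post in this thread: a small Python check that groups syslog lines like those in the first post by client address and reports any address that touches several daemons in one short burst. The 60-second window, the three-service threshold, the `year` argument and the service-name mapping are assumptions, and the single 192.168.2.50 line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the first post, plus one constructed single-service line (192.168.2.50).
SAMPLE = """\
Nov 24 09:36:59 ur1 rsync[6282]: connect from 192.168.2.1 (192.168.2.1)
Nov 24 09:36:59 ur1 vsftpd[6281]: connect from 192.168.2.1 (192.168.2.1)
Nov 24 09:36:59 ur1 rsyncd[6282]: connect from UNKNOWN (192.168.2.1)
Nov 24 09:37:10 ur1 smbd[6284]: read_fd_with_timeout failed for client 192.168.2.1 read error = NT_STATUS_END_OF_FILE.
Nov 24 09:38:00 ur1 vsftpd[7000]: connect from 192.168.2.50 (192.168.2.50)
Nov 24 09:39:22 ur1 vsftpd[7804]: connect from 192.168.6.1 (192.168.6.1)
Nov 24 09:39:22 ur1 rsync[7805]: connect from 192.168.6.1 (192.168.6.1)
Nov 24 09:39:33 ur1 smbd[7807]: read_fd_with_timeout failed for client 192.168.6.1 read error = NT_STATUS_END_OF_FILE.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[\d+\]:\s+(.*)$")
PEER = re.compile(r"(?:connect from \S+ \(|failed for client )(\d+(?:\.\d+){3})")
SERVICE = {"rsync": "rsync", "rsyncd": "rsync", "vsftpd": "ftp", "smbd": "smb"}

def find_sweeps(text, year=2021, window=timedelta(seconds=60), min_services=3):
    """Return [(ip, first_seen, services)] for peers that touch at least
    min_services distinct daemons inside one window (assumed thresholds)."""
    events = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2) not in SERVICE:
            continue
        peer = PEER.search(m.group(3))
        if not peer:
            continue  # e.g. the bare smbd header line carries no client address
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events[peer.group(1)].append((ts, SERVICE[m.group(2)]))
    sweeps = []
    for ip, seen in events.items():
        seen.sort()
        i = 0
        while i < len(seen):
            burst = [e for e in seen[i:] if e[0] - seen[i][0] <= window]
            services = sorted({svc for _, svc in burst})
            if len(services) >= min_services:
                sweeps.append((ip, seen[i][0], services))
            i += len(burst) if len(services) >= min_services else 1
    return sorted(sweeps, key=lambda s: s[1])

if __name__ == "__main__":
    for ip, start, services in find_sweeps(SAMPLE):
        print(f"{start:%b %d %H:%M:%S} {ip} probed {', '.join(services)}")
```

A source that reaches FTP, rsync and SMB within seconds and then drops the connection looks like an automated service sweep rather than a normal client, which fits a gateway doing device inspection.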