Botnet warnings for amazon.com IP address

Hi,

I keep getting botnet block warnings (200/day) for my local WD MyCloud NAS drive and AppleTV, which apparently both try to talk to one single IP, 13.33.46.28, that when I look it up belongs to amazon.com.

What's going on here?

Thanks!

Replies

Kudos0

Re: Botnet warnings for amazon.com IP address

Have you signed up for Amazon Prime service? 

Have you scanned the NAS drive for malware?

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Botnet warnings for amazon.com IP address

Hello crashkid. The IP address you gave traces to CloudFront with Amazon indeed. It is also NOT a blacklisted domain. Are there parental controls enabled on your Core? Does the botnet block notification also indicate large amounts of outbound traffic? I assume these are all incoming traffic blocks.

Disconnect your Apple TV and NAS for a short period of time and reboot. See if these alerts continue. If not, reconnect your NAS and let it stay on the network a bit to see if the warnings reappear. If not, remove it again, attach your Apple TV again and do the same. See if the alerts reappear. This will help to isolate the problem and probable source.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.379 / NCSP 22.17.0.183 / Norton Core v.270 on Android 1.93
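
Added example (not part of the original thread, and not Norton's or Blue Coat's code): one way to combine the two checks discussed above, attributing the blocked IP to a cloud service and seeing which devices hit it, from exported alerts. The prefix excerpt follows the layout of AWS's published ip-ranges.json but is constructed sample data, as are the alert records, the device names and the triage hints.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed excerpt in the layout of AWS's published ip-ranges.json
# (sample data for this example, not a copy of the live file).
RANGES_JSON = """
{"prefixes": [
  {"ip_prefix": "13.32.0.0/15", "region": "GLOBAL", "service": "AMAZON"},
  {"ip_prefix": "13.32.0.0/15", "region": "GLOBAL", "service": "CLOUDFRONT"},
  {"ip_prefix": "52.94.0.0/22", "region": "us-east-1", "service": "AMAZON"}
]}
"""

# Constructed alert records: (minute, device, blocked destination IP).
ALERTS = [
    ("08:41", "nas", "13.33.46.28"),
    ("08:41", "appletv", "13.33.46.28"),
    ("08:52", "phone", "13.33.46.28"),
    ("08:52", "phone", "13.33.46.28"),
    ("09:10", "nas", "198.51.100.7"),
]

def services_for(ip, ranges_json=RANGES_JSON):
    """Return the sorted AWS service tags whose prefix contains ip."""
    addr = ipaddress.ip_address(ip)
    return sorted({p["service"] for p in json.loads(ranges_json)["prefixes"]
                   if addr in ipaddress.ip_network(p["ip_prefix"])})

def triage(alerts, ranges_json=RANGES_JSON):
    """Per blocked destination: services, devices, peak blocks per minute, hint."""
    devices, per_minute = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for minute, device, dest in alerts:
        devices[dest].add(device)
        per_minute[dest][(minute, device)] += 1
    report = {}
    for dest in devices:
        svc = services_for(dest, ranges_json)
        if "CLOUDFRONT" in svc and len(devices[dest]) > 1:
            hint = "shared CDN edge hit by several devices: check feed category first"
        elif "CLOUDFRONT" in svc:
            hint = "shared CDN edge: identify the hostname requested before judging"
        else:
            hint = "not a known CDN range: isolate the device and scan it"
        report[dest] = {"services": svc, "devices": sorted(devices[dest]),
                        "peak_per_minute": max(per_minute[dest].values()), "hint": hint}
    return report

if __name__ == "__main__":
    print(json.dumps(triage(ALERTS), indent=2))
```

A CDN edge address serves many unrelated customers, so a verdict attached to the IP alone says little about what a given device actually requested; the hostname is the more useful thing to submit for recategorization.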
Kudos1

Re: Botnet warnings for amazon.com IP address

Thanks for the input. I'll try the isolation exercise later tonight.

What confuses me is that it is outbound traffic that is blocked. No parental controls active at all. The app info reads:

"Malicious site 13.33.46.28
[A few lines general botnet description]
Webpulse, Risk Level: 10, Category: Malicious Outbound Data/Botnets"

But no data amount is indicated.

Cheers

Kudos0

Re: Botnet warnings for amazon.com IP address

Please let us know what the results were. In case you need to post a screenshot directly into a post, here is how to do that. It's always good to see what the poster is seeing just to be on the same page.

Edited: I will also submit the URL that IP traces to over to Blue Coat for recategorization. Sometimes the category can conflict between two services.

Cheers

Kudos0

Re: Botnet warnings for amazon.com IP address

Update: Nothing received from Blue Coat for the URL submitted. Their site said it had been submitted 7 days earlier, so I'm hoping to hear what it's categorized to soon.

Cheers

Kudos0

Re: Botnet warnings for amazon.com IP address

Hello Soul

Have you checked your Spam Detector for the response from Blue Coat? They usually respond within a day or 2.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 270 I E 11 Chrome latest one
Kudos0

Re: Botnet warnings for amazon.com IP address

Thanks for all your input. I have not had any other occurrences since and was not able to localize any further.

I asked the same question in the Apple support community. The answer is as follows:

"... It is not published where Apple leases some of its cloud computing and cloud space, but at least some of it is outsourced, and Amazon AWS is a big player in that market. On the other hand, any 3rd party app can connect to a server anywhere in the world for their content, which has nothing to do with Apple. ..."

The author does not identify as Apple support, but reads to me just like straight out of their hand and I read that there is a pretty good chance that our cloud service is distributed through AWS in that.

My Apple TV is a 3rd gen, so there is only what's factory installed on it.

Kudos0

Re: Botnet warnings for amazon.com IP address

Edited: Nothing from Blue Coat or in spam folder. Checked their website and it's been categorized as "content servers" which is what I had asked for. No idea why I never got an email notification.

Crashkid, when you said:

"The author does not identify as apple support, but reads to me just like straight out of their hand and I read a there is a pretty good chance that our cloud service is distributed through AWS in that."

It's 100% a certainty Apple TV is hosting a part of their cloud services to AWS. No question about it. Amazon, like Google, will push as much along their bandwidth as they possibly can to maximize their data stream usage. Core is most likely seeing the data stream along with the NAS data and putting it into a category thinking it's too much data for one IP address. If you aren't already doing so, I would put the Apple TV over on your 5.0 GHz network. Separate your 2.4 / 5.0 with separate and different SSIDs and passwords. That should separate the data usage.

Cheers

Kudos0

Re: Botnet warnings for amazon.com IP address

Thanks, splitting the network is a good point in general. Haven't done that yet.

Kudos0

Re: Botnet warnings for amazon.com IP address

Hello

After reading this thread, I checked the Alerts on my Core. It shows that same IP 13.33.46.28 on my husband's cellphone. This was before 9 AM, so I know my son wasn't using my hubby's phone. If this belongs to Amazon, he doesn't know how to get to Amazon. My Core shows he was blocked 23 times within a minute on Jan 18. It shows the same warning. Sending it to Blue Coat doesn't do anything about re-evaluating the site or any indication at the time that it was blocking anything. If I didn't check the Alerts, I would never know. 23 hits in a minute seems like a lot considering he only goes to a few sites or calls family with his phone. We don't have any Amazon Prime Accounts either, although my son has one. He doesn't live with us, but he does sometimes order stuff for us and will send a tracking number if it is something which will be delivered to us. If anyone would check the tracking, it would be me and not my hubby and it would be with my phone. All I know is that I am stuck with 23 points added to my score which will never show if any of these were a False Positive. They never give back any points. There are no Teams like Safe Web who will check out these posts.

Have a Good Night and

Thanks.

Kudos0

Re: Botnet warnings for amazon.com IP address

Hello, I have just been informed that 13.33.46.28 is no longer being blocked. I don't know what happens with all the points that had been added to my blockage count. Would like to see the count get lowered by the 23 points. Cops informed me that it was no longer being blocked by Blue Coat. Have a Nice Day and Thanks.
Kudos0

Re: Botnet warnings for amazon.com IP address

All: Once again this appears to be yet another instance where SafeWeb conflicts with BlueCoat. At least the IP address is no longer being filtered on Core as malicious, and the nuisance is gone.

Cheers
