I recently got a new Synology RT6600ax router. I set it up and it has Traffic Control Monitor. I see traffic from both my PCs and my Galaxy S10 phone and my wife's that I don't expect. It says that TOR has run on all the devices. I never installed TOR and don't intentionally use it.
I see an event in Threat Prevention: "ET TOR Known Tor Exit Node Traffic group 48" from 8/24 that was Alerted but not Blocked. I have since blocked all TOR that I can in the Threat Prevention app.
Does something in Norton detect and remove TOR? I'm guessing it is hiding somewhere or this is all false positive stuff. I DO see input and output through this TOR activity so I'm worried.
All the Norton scans on my PC don't reveal anything and NPE didn't do anything either, though I didn't try looking for a rootkit because I think with this hardware and Windows 11, that should be blocked from happening. Windows Defender also did not find anything.
The other suspicious activity was on a Sleep Number bed. Threat Prevention said it was using SSH with an unusual port number. Can't find out if SSH from the bed is normal or not. Support personnel didn't have a clue. I have blocked port 22 in the firewall and have SSH turned off in the router (supposedly).
Anybody have any suggestions for the TOR or SSH situation?
Product: Norton 360 version 22.22.7.14
OS: Windows 11