We have an RX4100 and a DX400 series Sentinel device in two separate networks. Every week I get an IPS hit on 78.137.100.54 for a buffer overflow:
Watchguard IPS Notice
I've ignored this in the past because I couldn't find much information about it. Plus, the IPS is denying it, so I didn't pay much attention to it.
Today, though, I dug a little bit deeper. Turns out 78.137.100.54 is StarWind, which is a virtual storage software provider (in Germany).
https://www.starwindsoftware.com/
I couldn't find the offending header that was triggering the IPS. We don't track that level of detail in the IPS detection, unfortunately. That would be a nice thing to have.
Why the WD devices are contacting StarWind on a weekly basis is unknown to me. I don't recall any disclosures about that activity when I bought these devices.
We're retiring that RX4100 soon. Its network cards always go offline for no apparent reason. Other IT people have reported a similar experience with the RX4100. That usually happens at night, which is no big deal, but sometimes it happens at the start of the business day. That's happened enough times to warrant immediate retirement.
We've purchased a Synology to replace it. Hopefully the Synology doesn't make unexpected outbound connections to a German ISV.