I purchased WD pr2100 recently, simple because I want “My own cloud”.
now before I explain my situation, let me tell you the status of my box.
- ALL features except SSH are disabled. there is nothing else except SSH. not even DHCP.
- No apps installed on my device.
I captured tcpdump for just 5 minutes with a prefilter to remove ssdp, arp etc.
Traffic to AWS:
14:12:12.304609 IP 192.168.0.37.57342 > 126.96.36.199.443: Flags [S], seq 1529442301, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
14:12:12.336219 IP 188.8.131.52.443 > 192.168.0.37.57342: Flags [S.], seq 2531290180, ack 1529442302, win 26883, options [mss 1460,nop,nop,sackOK,nop,wscale 8], length 0
Now this capture is strange, uPNP allows traffic FROM outside (linode company) to mycloud:
14:22:02.403271 IP 184.108.40.206.443 > 192.168.0.37.58235: Flags [P.], seq 901406271:901406305, ack 53781524, win 19, length 34
14:22:02.403337 IP 192.168.0.37.58235 > 220.127.116.11.443: Flags [.], ack 34, win 86, length 0
I blocked it and there is no service impact to mycloud at all! question is, what and why are these strange traffic behaviour?
I’m investigating since my PR2100 isn’t going to sleep mode nor standby