I am the network admin for a church. I run a Ubiquiti UniFi network with a UDM Pro Gateway. Our data network is a 10.0.8.0/22 scheme, with the router at 10.0.10.1. One of the employees has a WD MyCloud at 10.0.8.71. Twice every day between 8 and 9 pm I get the following security alert from the UDM’s IDS (based on Suricata):
Threat Management Alert 2: Attempted Information Leak. Signature ET SCAN Non-Allowed Host Tried to Connect to MySQL Server. From: 10.0.8.71:3306, to: 10.0.10.1:60695, protocol: TCP
Each day the two alerts come in at the exact same time, but the time changes from day to day.
I assume this is the WD MyCloud accessing the router to access the internet for legitimate functionality, but I am curious to know if anyone has any more definitive info.
Thanks in advance for any assistance!
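A way to read the direction of the alert quoted above, as an added example that is not part of the original post: it parses the alert text and reports which endpoint holds the MySQL service port and whether both addresses sit inside 10.0.8.0/22. The function names are hypothetical, and treating the endpoint on port 3306 as the listening side is a port-number heuristic, not something the alert states.

```python
import ipaddress
import re

# Alert text as quoted in the post above.
ALERT = ("Threat Management Alert 2: Attempted Information Leak. Signature ET SCAN "
         "Non-Allowed Host Tried to Connect to MySQL Server. "
         "From: 10.0.8.71:3306, to: 10.0.10.1:60695, protocol: TCP")

LAN = ipaddress.ip_network("10.0.8.0/22")  # data network from the post
MYSQL_PORT = 3306                          # IANA-registered MySQL port

ALERT_RE = re.compile(
    r"Signature (?P<sig>.+?)\. From: (?P<src>[\d.]+):(?P<sport>\d+), "
    r"to: (?P<dst>[\d.]+):(?P<dport>\d+), protocol: (?P<proto>\w+)",
    re.IGNORECASE)

def parse_alert(text):
    """Split a UDM threat-management alert line into typed fields."""
    m = ALERT_RE.search(text)
    if not m:
        raise ValueError("unrecognised alert format")
    return {"signature": m["sig"], "proto": m["proto"].upper(),
            "src": ipaddress.ip_address(m["src"]), "sport": int(m["sport"]),
            "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"])}

def triage(alert, service_port=MYSQL_PORT, lan=LAN):
    """Heuristic: the endpoint using the service port is the listener."""
    if alert["sport"] == service_port and alert["dport"] != service_port:
        # Packet left the listener: a reply to a connection the other side opened.
        role, server, client = "reply-from-service", alert["src"], alert["dst"]
    elif alert["dport"] == service_port and alert["sport"] != service_port:
        role, server, client = "request-to-service", alert["dst"], alert["src"]
    else:
        role, server, client = "ambiguous", None, None
    return {"role": role,
            "server": str(server) if server else None,
            "client": str(client) if client else None,
            "internal_only": alert["src"] in lan and alert["dst"] in lan}

if __name__ == "__main__":
    print(triage(parse_alert(ALERT)))
```

For the quoted alert the result is `reply-from-service` with 10.0.8.71 as the listener, so by port numbers alone the flagged packet travelled from the MyCloud's port 3306 back to a high port on the router, and both addresses are inside the LAN.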