Since upgrading from 3 to OS5 a few years back, I get warnings from my Xfinity Xfi application. They are IP Reputation attacks and look like this:
Source IP: 167.248.133.119 2/20, 9:59 am
We’ve blocked a known malicious IP from United States from accessing this device.
I get 7-20 per week.
Xfi router says to reboot. If the errors persist, make sure firmware on device is updated (it is, just downloaded 5.20.113) - if these fail to resolve issue then contact the manufacturer of the device.
Anyone know why known malicious sites are trying to access my device? How can I close this off without sacrificing connectivity to WD Cloud?
I have been having the same problem for months. The IP address in the original post is one of the same ones that is hitting my router as well.
My drive is on OS5 and has latest firmware. Rebooting does nothing obvious to fix anything. Web accessed, including FTP is disabled. My drive is encrypted.
I think this is mostly just an annoyance, but would like to know for sure.
Per @Keerti_01 I have created a ticket with WD support. Will post my findings here.
Not sure why I need to go through this, as the public forum is usually the best for security issues.
@user_69_0 Thanks for your input - but I don’t want to disable the NTP service, because it is what keeps the clock on the device synchronized with the atomic clock in Ft Collins, CO. Normally it wouldn’t be an issue - and I will test this over the next few months, but when time deviates too much certain decryption functionality requires exact time synchronization, and decryption will fail (SSL, PGP, etc)
I’ve taken your advice and turned it off for the time being.
In addition - my ticket at WD was closed resolved, however they provided me this link:
In short - basically it says we have to live with unauthorized connection attempts to our devices if we expect cloud functionality - and we can disable uPnP if we don’t want this functionality.
I don’t agree with this - WDC can implement a more secure protocol that doesn’t cause Xfinity’s firewall to go crazy any time someone from anywhere in the world tries to connect.
