Repeated DVR Server outgoing network intrusion attempts blocked by my Ubiquiti router

My Ubiquiti router is blocking many repeated DVR Server outbound network intrusions to many different countries (like a botnet).

Is this a bug in DVR Server or malware?
Do I need to worry about the many intrusion attempts?

I’m running Linux Mint 22.

I am using all Ubiquiti hardware, including CyberSecure.
Never had the CDVR server show up for anything like that.

What do you mean by it is blocking "outbound network intrusions"?

Post some screenshots and give more information, because that is extremely vague and not really helpful at all. What Service, Category, Policy Type, Signature ID, threat, etc. does it state? It gives tons of info other than what you state.

Do you have your server exposed to the internet via port forwarding?
(That usually results in inbound port scanning)

Do you have other things running on the computer, like BitTorrent or other things that need outbound internet connections?

I was recently testing Mint on a spare mini pc.
I did get several alerts from it, clean install, only installed and updated it, no other software installed.
Check the details of such alerts, and you will see it's system related, not anything to do with CDVR.
Like this.

Probably False Positives, but if that is the source of your alerts, best to take that up with the Linux Mint Community on their forums.
(though, with CPUID and Notepad++ having compromised download sites giving people malware-ridden installers these days, who knows, maybe one of Mint's download mirrors got hacked or a repository...idk.)

I'm getting many many outbound intrusion attempts every few minutes to random countries worldwide. Ubiquiti CyberSecure is blocking the attempts so far. I do not have any open ports in my firewall router.
This was a clean Linux Mint 22.3 install followed with Channels DVR Server.
I thought I was very careful to not do any unnecessary web browsing to avoid driveby...

I installed ClamAV to check the system. I am also going to install a Rootkit scanner to do the same.

jerry




Says it right there… BitTorrent dht ping request. You have a BitTorrent client running, or something that is using a P2P connection. Some remote access software or file syncing software may use it.

That signature will always trigger if that category, P2P and/or BitTorrent, is enabled in CyberSecure. Such signatures are highly sensitive and are triggered by pretty much anything that attempts to make a P2P or BitTorrent connection or request.
They can be disabled in CyberSecure if you want to use such BitTorrent software. I probably do not get these alerts because I have those categories disabled.

I am not running any BitTorrent software to my knowledge.
CyberSecure is blocking all P2P connections.

Something nefarious is attempting to make connections to many different country IP addresses.

Does malware make use of P2P connections?

This makes no sense for a new Linux Mint 22.3 and CDVR installation unless I got hit by a drive by.

Jerry

They can, yes. But so do many other legit software and processes.
Mint has a built-in Firewall that you can enable, I believe.
Again, Unifi's Firewall protection, even without CyberSecure, is very sensitive.

Either way, this is not a Channels DVR related thing. (far as I can tell)
You may have better luck on Ubiquiti forums or Linux forums.
Unless someone else here has more experience with Linux Mint and can give you more insight....that's all I can say, is that you have something running that is using P2P/BitTorrent connection protocols.