Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
Need the latest SmartSDR, Power Genius, Tuner Genius and Antenna Genius Software?

SmartSDR v3.8.23 and the SmartSDR v3.8.23 Release Notes
SmartSDR v2.12.1 and the SmartSDR v2.12.1 Release Notes
Power Genius XL Utility v3.8.9 and the Power Genius XL Release Notes v3.8.9
Tuner Genius XL Utility v1.2.11 and the Tuner Genius XL Release Notes v1.2.11
Antenna Genius Utility v4.1.8
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

Security Alarm Intrusion

KH6XX
KH6XX Member ✭✭
in Networking

I operate remotely and have UPnP activated on my router. The past few days I have begun receiving the following message: " Nmap Scriting Engine - TLS Handshake was blocked. No action is required the intrusion attempt was blocked. This feature detects abnormal behaviors and blocks attempted connections. Review the details for more information. Source IP 167.172.99.9, Client Device Flex TGXL1, Action BLOCK". I do port forwarding to be able to access the TGXL.

Received the same message multiple times but with IP address of 118.194.250.22

How concerned should I be? Should I deactivate UPnP? How far into my LAN have they accessed? How can this be stopped?

Randy KH6XX

Answers

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    The TGXL does not do uPNP rules, so that was not generated by the radio.

    Did you do a manual port forward for remote operation of your TGXL?

  • KH6XX
    KH6XX Member ✭✭

    Yes, I am doing a manual port forward for the TGXL. These notifications are coming from my ISP, not from the Flex equipment.

    I also am getting a security alarm "Nmap Scripting Engine - Service Escape Character Probe was blocked". The IP address was that of my local PC and client device on the alarm indicated the name of that PC. The action indicated BLOCK. My ISP is using "ProtectIQ". There are two Intrusion settings available that are not enabled now. One is IPS Protocol Anomaly and the other is IPS Port-Scan Defense. Should these be enabled?

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    yep, I understand that part.

    We have no experience with those products, what they do and how they work.

    Others may be able to offer an opinion. Sorry

  • KH6XX
    KH6XX Member ✭✭

    This "Nmap Scripting Engine TLS Handshake was blocked" appears to only be happening on the TGXL and none of the other Flex devices being accessed remotely.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.

Comment As ...

Categories