DDoS with new firmware?

I installed a firmware update on our cam-pan today. Immediately afterwards, my system went crazy alerting me of DDoS from 192.99.36.44. I searched and found an earlier similar post, but the address was different and identified as legit.

I checked this address with Whois and it is managed from Quebec, Canada. Anyone else with a similar experience? Anyone who can identify the address as legit?

Many thanks

Welcome to the forum @necochino
Not sure what your monitoring utility is or whether you are getting a false positive (nor am I monitoring for this), but I would suggest reaching out to Wyze, in case there is an issue, with as many details as you can provide.

You can contact the Wyze security team at security@wyze.com, or the Wyze support team here.

Thank you for your prompt reply! I will do as suggested.

By definition you can’t get a “DDoS” attack from a single IP address. :wink:

I find these router-based security warnings amusing.

The Wyzecams have often issued too many DNS queries and that traffic might explain your error. But it’s probably just the P2P servers trying to maintain a connection to your camera. Either way it’s actually pretty "normal". As you’ve seen there are tons of threads about it. Here’s just one that mentions the same OVH hosting.

Please let us know what security says.

Did you have any resolution? I have one Pan v1 that started doing this today after a firmware update. So far 100s of blocked IPs detected as DDoS attempts.

This is at least partly an issue of your software. I would consider removing BitDefender as it’s wasting your time. (Microsoft’s AV is good enough.)

What are some of the 100 IPs? Are they really all the same IP as with the case of the original poster above?

Yeah I knew Defender was trash so I didn’t install it as they suggest. It’s a new router with a Netgear Armor trial that’s throwing the alerts. I had read that this router throws some false positives and had actually seen them in the log, but nothing like what Armor was doing with that one cam. Let me see if I can get some of the addresses for you, brb.

Well, looking in the last batch it reported before I disconnected the cam, it looks to be these 3 IPs repeating in sequence, over and over.

217.138.206.246 (United States New York M247 Ltd New York)
23.81.208.134 (AS396190 LEASEWEB-USA-SEA-10, US)
192.99.14.32 (Canada Montreal Ovh Hosting Inc.)

Yep, almost assuredly all part of ThroughTek P2P or one of Wyze’s other vendors. Feel free to check with Wyze security as suggested above.

I don’t know exactly why it’s throwing the alerts but there may be some excessive firewall setting you can turn down / off.