Firewall Threat detection

So.
My firewall is picking up threats, so my question is:

What is this traffic?

Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36115, to: 142.93.107.218:80, protocol: TCP 19:13 04/29/2020
Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36116, to: 142.93.107.218:80, protocol: TCP 19:13 04/29/2020
Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36118, to: 142.93.107.218:80, protocol: TCP 19:13 04/29/2020
Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36119, to: 142.93.107.218:80, protocol:

Who is 142.93.107.218?

When accessing it I get:

Cannot GET /

This is Volumio querying your network for UPNP\DLNA servers :wink:

But why does it want to go to that IP?

This is probably Volumio trying to search for automatic update info. Is there a way to turn this function off and only rely on manual update search?

Well, if this is not a radio station or a Volumio server, something stings…

IP Location: Germany, Frankfurt Am Main, Digitalocean Llc
ASN: AS14061 DIGITALOCEAN-ASN, US (registered Sep 25, 2012)
Whois Server: whois.arin.net
IP Address: 142.93.107.218

I’m pretty sure it is an updating function for Volumio so the OS can check if there are new updates and flag the user for that. That is the function I would like to turn off.

URL: http://pushupdates.volumio.org/socket.io/?EIO=3&transport=polling&t=N8hQrDv&b64=1
Submission: On May 19 via manual (May 19th 2020, 5:34:34 am) from IT

So @sebackman was right :slight_smile:

Yep, this is a call made by Volumio to check if there are updates available. This is done in preparation for the new push updates function that we are working on.

The info sent is: hardware, software version (and we don’t log requests)

Good to get it confirmed. Thank you.
Is it possible to turn it off?

I don’t think so… better make a rule in your firewall to ignore it

Understood. Just don’t like to leave paths open. Better to turn off if possible.
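
Added example (not part of the thread, and not Volumio's or the firewall vendor's code): a small Python triage script that parses alert lines in the format quoted above and collapses repeats by signature and destination. The regex and the `triage` helper are assumptions built only from the four pasted lines; the sample input is copied from them, including the cut-off last line.

```python
import re
from collections import defaultdict

# Sample input: the four alert lines pasted in this thread (last one is truncated).
SAMPLE_ALERTS = """\
Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36115, to: 142.93.107.218:80, protocol: TCP 19:13 04/29/2020
Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36116, to: 142.93.107.218:80, protocol: TCP 19:13 04/29/2020
Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36118, to: 142.93.107.218:80, protocol: TCP 19:13 04/29/2020
Threat Management Alert 3: Unknown Traffic. Signature ET USER_AGENTS Node XMLHTTP User-Agent. From: 192.168.X.X:36119, to: 142.93.107.218:80, protocol:
"""

# Assumed layout, inferred from the lines above; protocol and timestamp are
# optional so a line cut off after "protocol:" still parses.
ALERT_RE = re.compile(
    r"Threat Management Alert (?P<severity>\d+): (?P<category>[^.]+)\. "
    r"Signature (?P<signature>.+?)\. "
    r"From: (?P<src>[\w.]+):(?P<sport>\d+), "
    r"to: (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"protocol:(?: (?P<proto>\w+))?(?: (?P<time>\d{2}:\d{2}) (?P<date>\d{2}/\d{2}/\d{4}))?"
)


def triage(log_text):
    """Group alerts by (signature, destination IP, destination port)."""
    groups = defaultdict(
        lambda: {"count": 0, "sources": set(), "src_ports": [], "truncated": 0}
    )
    unparsed = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = ALERT_RE.match(line)
        if not m:
            unparsed.append(line)  # keep anything unexpected for manual review
            continue
        g = groups[(m["signature"], m["dst"], int(m["dport"]))]
        g["count"] += 1
        g["sources"].add(m["src"])
        g["src_ports"].append(int(m["sport"]))
        if m["proto"] is None:  # line ended before the protocol field
            g["truncated"] += 1
    return dict(groups), unparsed


if __name__ == "__main__":
    groups, unparsed = triage(SAMPLE_ALERTS)
    for (sig, dst, dport), g in groups.items():
        print(f"{g['count']}x {sig} -> {dst}:{dport} from {sorted(g['sources'])} "
              f"src ports {g['src_ports']} ({g['truncated']} truncated)")
    print("unparsed:", unparsed)
```

On the pasted lines this reduces to a single row: one internal host, one destination on port 80, and closely spaced source ports, which fits the polling URL quoted earlier in the thread.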