Ring Security Cameras


J
Ring Device accessing a DNS server in Austria designated as a C&C risk
cs-support
wireless-security-cameras
network

I have four Ring security cams. Just recently the stick-up cam has begun trying to reach a DNS server in Austria. According to my firewall security, the server in question poses a C2/Generic-A security threat. This has just started happening within the last week.

ulogd[20523]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" **threatname="C2/Generic-A"** srcmac="xx:xx:xx:xx:48:72" dstmac="00:13:3b:11:25:19" srcip="192.168.5.160" dstip="185.121.177.177" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="32091" dstport="53"

The registered name for the server is "Silent Ghost", which is rather ominous-sounding. I performed a factory reset on the device and assigned it a different IP address but the problem is now being flagged on the new address. None of my other cameras are doing this. (Nor any of my other devices or computers.)

You can find out more about this threat at https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx

Has anyone had a similar experience? Thankfully my firewall blocks this behavior but I'm concerned that the Ring cam firmware may be compromised.


06-06-2021 18:53:28
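
One way to triage this from the firewall side, as an added example that is not part of the original post: it parses Sophos-style `key="value"` packetfilter lines and groups DNS packets sent to resolvers outside an allowlist by source MAC, so a device that was given a new IP address (as after the factory reset described above) still shows up as a single device. The allowlist entry `192.168.5.1` and every sample line except the first are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Assumption: the only resolver LAN devices are expected to use (e.g. the router).
APPROVED_RESOLVERS = {"192.168.5.1"}

# Line 1 is the entry quoted in the post (markdown emphasis removed).
# Lines 2-4 are constructed for this example and abbreviated.
SAMPLE_LOG = '''\
ulogd[20523]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" threatname="C2/Generic-A" srcmac="xx:xx:xx:xx:48:72" dstmac="00:13:3b:11:25:19" srcip="192.168.5.160" dstip="185.121.177.177" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="32091" dstport="53"
ulogd[20523]: sub="packetfilter" action="drop" threatname="C2/Generic-A" srcmac="xx:xx:xx:xx:48:72" srcip="192.168.5.161" dstip="185.121.177.177" proto="17" srcport="40112" dstport="53"
ulogd[20523]: sub="packetfilter" action="accept" srcmac="xx:xx:xx:xx:11:22" srcip="192.168.5.150" dstip="192.168.5.1" proto="17" srcport="51000" dstport="53"
ulogd[20523]: sub="packetfilter" action="accept" srcmac="xx:xx:xx:xx:11:22" srcip="192.168.5.150" dstip="203.0.113.10" proto="6" srcport="51001" dstport="443"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def unexpected_dns(log_text, approved=APPROVED_RESOLVERS):
    """Group DNS packets to non-approved resolvers by source MAC.

    Returns {srcmac: {"srcips": set, "resolvers": Counter}}.
    """
    devices = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        # DNS only: destination port 53 over TCP (6) or UDP (17).
        if f.get("dstport") != "53" or f.get("proto") not in ("6", "17"):
            continue
        try:
            src, dst = ip_address(f["srcip"]), ip_address(f["dstip"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete entry
        if not src.is_private or str(dst) in approved:
            continue
        dev = devices.setdefault(f.get("srcmac", "unknown"),
                                 {"srcips": set(), "resolvers": Counter()})
        dev["srcips"].add(str(src))
        dev["resolvers"][str(dst)] += 1
    return devices


if __name__ == "__main__":
    for mac, info in unexpected_dns(SAMPLE_LOG).items():
        print(mac, sorted(info["srcips"]), dict(info["resolvers"]))
```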

Responses (14)

  • T

    Hi @jerseyguy. Thanks for sharing this information. I suggest reaching out to our support team so our Neighbor Solution Experts can take a look and determine what this is. Please give our support team a call at one of the numbers available [here](https://support.ring.com/hc/en-us/articles/213608406). We’re taking additional steps to protect our team and help reduce the spread of COVID-19, so this has resulted in longer than normal wait times. If you are outside of the US, please read our response to COVID-19 [here](https://support.ring.com/hc/en-gb/articles/360041597471) to see how to contact support.


    07-06-2021 21:41:16

      R

      Hi - I'm getting the same alarm from our Sophos firewall. At the moment this affects 2 cameras out of 8. The firewall blocked the connection to this 185.121.177.177. Any hints or similar experience? [Update:] Found out that the address above is an OpenNIC Tier 2 DNS resolver. https://wiki.opennic.org


      14-06-2021 15:26:54

      N

      Please un-mark this as a solution. We are all speaking to support and no solution has been found that route.


      17-10-2021 15:49:55

  • J

    I'm seeing the same thing from 2 separate cameras. It seems to happen once a week or so.


    25-06-2021 09:41:03

    • N

      I am also getting the same reports from our Sophos firewall that our new stick up cam is trying to reach out to a suspect IP address 185.121.177.177.


      26-06-2021 17:04:26

      • J

        I'm thankful to see that I'm not alone here. Not getting much traction out of Ring. At this point I'm ready to junk the camera and switch to an NVR solution. How can they hope to "sell" us on security when they can't explain these network anomalies? I'd be happy to be wrong here if someone can explain this network behavior to me.


        01-07-2021 22:12:26

        • J

          I have spoken at length to your support team with no resolution. I don't know whether they escalated to your security team for a review but the response I received did not allay my concerns. The fact that others have observed the same behavior should sound alarm bells at Ring (seriously, no pun intended). I'd be willing to accept a perfectly reasonable/plausible explanation. To date I have not received one. I have now disconnected the stickup camera from my network entirely. There’s a lot of malware out there and IoT devices are notoriously vulnerable, so when I see something like this I have to be safe rather than sorry.


          02-07-2021 20:42:51
