‎Ring Device accessing a DNS server in Austria designated as a C&C risk

English

Help

Community Home

Ring Security Cameras

Browse posts, comment, and join in the discussion about Ring’s indoor and outdoor cameras.

J

jerseyguy

Ring Device accessing a DNS server in Austria designated as a C&C risk

cs-support

wireless-security-cameras

network

I have four Ring security cams. Just recently the stick-up cam has begun trying to reach a DNS server in Austria. According to my firewall security, the server in question poses a C2/Generic-A security threat. This has just started happening within the last week. ulogd[20523]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" **threatname="C2/Generic-A"** srcmac="xx:xx:xx:xx:48:72" dstmac="00:13:3b:11:25:19" srcip="192.168.5.160" dstip="185.121.177.177" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="32091" dstport="53" the registered name for the server is "Silent Ghost", which is rather ominous-sounding. I performed a factory reset on the device and assigned it a different IP address but the problem is now being flagged on the new address. None of my other cameras are doing this. (Nor any of my other devices or computers.) You can find out more about this threat at https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx Has anyone had a similar experience? Thankfully my firewall blocks this behavior but I'm concerned that the ring cam firmware may be compromised.

2780 •

0 •

06-06-2021 06:53:28

Responses (15)

T
Tom_Ring
Hi @jerseyguy. Thanks for sharing this information. I suggest reaching out to our support team so out Neighbor Solution Experts can take a look and determine what this is. Please give our support team a call at one of the numbers available [here](https://support.ring.com/hc/en-us/articles/213608406). We’re taking additional steps to protect our team and help reduce the spread of COVID-19, so this has resulted in longer than normal wait times. If you are outside of the US, please read our response to COVID-19 [here](https://support.ring.com/hc/en-gb/articles/360041597471) to see how to contact support.
0
•
07-06-2021 09:41:16
•
J
Jamman960
I'm seeing the same thing from 2 separate cameras. It seems to happen once a week or so
0
•
25-06-2021 09:41:03
•
N
norp90
I am also getting the same reports from our Sophos firewall that our new stick up cam is trying to reachout to a suspect IP address 185.121.177.177.
0
•
26-06-2021 05:04:26
•
J
jerseyguy
I'm thankful to see that I'm not alone here. Not getting much traction out of Ring. At this point I'm ready to junk the camera and switch to an NVR solution. How can they hope to "sell" us on security when they can't explain these network anomalies. I'd be happy to be wrong here if someone can explain this network behavior to me.
0
•
01-07-2021 10:12:26
•
M
Marley_Ring
Thank you for the continued feedback on your experiences, neighbors. I suggest reaching out to our support team so that our Neighbor Solution Experts can help, or escalate you further to our safety and security team for review. Please give our support team a call at one of the numbers available [here ](https://support.ring.com/hc/en-us/articles/213608406). We’re taking additional steps to protect our team and help reduce the spread of COVID-19, so this has resulted in longer than normal wait times. If you are outside of the US, please read our response to COVID-19 [here ](https://support.ring.com/hc/en-gb/articles/360041597471) to see how to contact support.
0
•
02-07-2021 07:13:45
•