1.36.33 getting flagged by Snort

Discussions related to the 1.36.x series of ZoneMinder
Post Reply
Redstorm
Posts: 7
Joined: Wed May 14, 2014 9:01 pm

1.36.33 getting flagged by Snort

Post by Redstorm »

Recently enabled Snort on my firewall and found that Zoneminder on startup and periodicaly is contacting 34.177.186.192 on port 443

This is flagged as a Network Trogan, Do we know why Zoneminder is contacting this IP address?
Top
dougmccrary
Posts: 1236
Joined: Sat Aug 31, 2019 7:35 am
Location: San Diego

Re: 1.36.33 getting flagged by Snort

Post by dougmccrary »

That's an AWS ip, pretty sure it's the ZM telemetry. Which is down due to expense.
There used to be a checkbox to turn it off. I suspect if you go to Options->Privacy->(choose) Decline, then Apply, that will stop it.
Port 443 is the normal https:// port, BTW.
Top
Redstorm
Posts: 7
Joined: Wed May 14, 2014 9:01 pm

Re: 1.36.33 getting flagged by Snort

Post by Redstorm »

Yes is the privacy option. states it contact ipinfo.io which i saw in the wireshark capture. I have declined it, will see if it trys to contact it again.
443 HTTPS same same...
Top
Post Reply

Return to “ZoneMinder 1.36.x”