AIProtection - Two-Way IPS hits OpenVPN?

[Flashman]

Hi,

First off - I really appreciate your help on this:

I am have 384.13 on my 86U. I have OpenVPN Server set up on the router and my family uses OpenVPN on Fire Sticks to connect to my house and one of them has it on their Android phone also. I saw these entries on Two-Way IPS and would like some help to interpret please.

Does this mean that someone connecting on my OpenVPN server (the source looks like a LAN IP for VPN - can't seem to find the location of the range on 384.13) and with those MAC addresses, has an infected device? If so - what would you suggest - update the OpenVPN software on the fire sticks/check that phone for malware?

Thanks for your help!

 

[ColinTaylor]

Same thing reported here. The 10.8.0.2 is the address of the connected VPN client. The rotating MAC addresses are consistent with an Amazon device, like a FireTV and the destination addresses belong to Akamai. So I'd say that (as usual) AiProtection is reporting a false-positive and what you're seeing is either the VPN client streaming data from something like Amazon Prime or Netflix, or it's trying to "phone home" to Amazon HQ.

 

[Flashman]

Cheers Colin!

Shouldn't this happen each time then? New for me anyways.

 

[ColinTaylor]

Shouldn't this happen each time then?

No idea. I've never tried to use an Amazon product to connect to my VPN.

You know the date and time that the events occurred so ask the person that was using it what they were doing. Of course it's possible that it's just some automatic background process that they're unaware of. Or for example, when my smart TV is left on its home page it's constantly streaming video adverts.