pfblockerNG CINS_army_v4 alert for Synology DDNS site checkip.synology.com (18.104.22.168/24)
For the last couple of weeks, I have been see a pfblockerNG alert like the following:
and fire wall log entries that look like:
I have determined that 22.214.171.124 is an IP for checkip.synology.com and is being probed regularly by the DDNS service on my Synology NAS behind the router. This is normal and correct behavior.
For some reason, the CINS_army_v4 feed used by pfblockerNG has decided the network 126.96.36.199/24 is bad and has consistently flagged this IP for the last two weeks with the exception of a couple of days. When I looked at other IP blacklist sites (mxtools, etc), they also had this IP (and others for checkip.synology.com) listed on a few blacklists.
Synology refuses to acknowledge that they have a problem.
I looked at the CINS Army web site and don't see a way to find out why this IP is blacklisted. Does anyone know how?
Is anyone else with a Synology NAS using DDNS behind their pfSense also seeing this issue?