Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfblockerNG CINS_army_v4 alert for Synology DDNS site checkip.synology.com (159.65.77.0/24)

    Scheduled Pinned Locked Moved pfBlockerNG
    2 Posts 2 Posters 751 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bldnightowl
      last edited by

      For the last couple of weeks, I have been see a pfblockerNG alert like the following:
      Screen Shot 2021-06-23 at 11.37.03 AM.png
      and fire wall log entries that look like:
      Screen Shot 2021-06-23 at 11.39.29 AM.png

      I have determined that 159.65.77.153 is an IP for checkip.synology.com and is being probed regularly by the DDNS service on my Synology NAS behind the router. This is normal and correct behavior.

      For some reason, the CINS_army_v4 feed used by pfblockerNG has decided the network 159.65.77.0/24 is bad and has consistently flagged this IP for the last two weeks with the exception of a couple of days. When I looked at other IP blacklist sites (mxtools, etc), they also had this IP (and others for checkip.synology.com) listed on a few blacklists.

      Synology refuses to acknowledge that they have a problem.

      1. I looked at the CINS Army web site and don't see a way to find out why this IP is blacklisted. Does anyone know how?

      2. Is anyone else with a Synology NAS using DDNS behind their pfSense also seeing this issue?

      J 1 Reply Last reply Reply Quote 1
      • J
        jdeloach @bldnightowl
        last edited by jdeloach

        Deleted reply.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.