Our Firewall has recently reported its being flooded with netbios broadcasts every few minutes by the Drobo on a 169.x address (not the Drobo’s main IP). Does anyone know how to turn this off?
Alarm spoofing_dos generated by device Abertay: IP spoofing: Traffic detected from 169.254.5.114 to 169.254.255.255.
Power off the Drobo & quit using it… or… get a firewall you can configure not to bug you about what’s normal legitimate traffic for a Drobo.
Occasional short bursts of traffic is not “Being flooded”, is not in this case a denial of service attack no matter what your firewall mis-labels it.
If you switch to something other than a Drobo, be prepared for that to also produce network traffic at times as part of it’s administrative system, which your firewall is likely to also complain about.
Thanks for the mildly aggressive response.
Yes, i’m fully aware its not an actual DOS attack and we aren’t being flooded, its just doing enough frequent bursts of traffic to trigger the rule and of the thousands of other devices on our network (including other NAS boxes) this is the only one spewing out enough traffic to be of interest.
I also prefer to try and alleviate a problem before just hiding it behind a firewall rule so i can’t see it.
If its normal traffic for a drobo, what exactly is it trying to do as part of its ‘administrative system’?
ps. Would love to turn it off!