Malicious attack on Roon Nucleus Plus

I’ve received 4 alerts from my internet provider that it blocked …

“a known malicious IP from accessing this device.”

Two were from the US, and one each from Panama and Monaco.

My Nucleus is hardwired to my router.

Has anyone else experienced such an attack? I can’t imagine what a hacker would hope to accomplish!

@John_Oster, I assume you have set up port forwarding to use ARC. Your ISP should really say “potential attack” since they block the suspicious IPs before they queried your modem. Nonetheless, open ports are frequently scanned by bots seeking vulnerabilities, but this doesn’t mean an “attack” is successful (the analogy is someone knocking on your front door and no one answers).

No, I don’t use ARC. I figured it must be a broad attempt to find a port, but it’s odd the alert mentioned the Nucleus rather than my PC. I used the word “attack,” not my ISP.

Mentioned how? In the first post, you mentioned “alerts from my internet provider that it blocked ‘a known malicious IP from accessing this device.’”

As Martin wrote, there is no hacker as such; these are all automated scans. It happens all the time on the internet.

@Suedkiez the message header states “NucleusPlus 4 IP Reputations Attacks.” So, actually they did use the word attack, but not in the message itself.

If you go to Roon Settings > Roon ARC, is it enabled? Please share a screenshot; it’s a possibility that UPnP set up port forwarding.

It shows that it is “ready” but I don’t see the word “enabled.” Is there some way to remove ARC altogether? I don’t think I’ll ever use it.

Interesting, probably your router reports to your ISP what devices you have at specific private IP addresses, because how else would they know. It’s probably just the local device name of the IP address for which the router has a port forwarding rule enabled (for ARC), as the Nucleus Plus identifies under that name to the router’s local name service.

Enter a zero (0) in the port box to disable ARC port forwarding.

Or, turn off UPnP on your router. That way nothing can set up a routing rule without you knowing about it.

I entered a zero and will also turn off UPnP on the router. Thank you everyone for your help.