Security incident alert

Roon Software Discussion ROCK
1

I am using Roon ROCK and streaming Tidal and Qobuz from the ROCK. Over the past few dats I have been seeing security warnings on my home Ubiquiti firewall. My ROCK is IP 10.128.128.177.

“Threat Management Alert 2: Misc Attack. Signature ET COMPROMISED Known Compromised or Hostile Host Traffic group 14. From: 212.102.57.158:, to: 10.128.128.177:, protocol: ICMP”

Should I block the IP or is this expected traffic?

Can someone please help?

Kind regards,

Jeff

2

I’m just a member here, but I’m skeptical that would be any legitimate reason for incoming ICMP messages from outside your LAN. The source IP address is in some content distribution network without a clear domain/owner, which adds to the suspicion. In your situation, I’d block and see what happens.

1 Like
3

ICMP type 3 is totally legit and common.

It’s not from Roon Labs.