Security incident alert

I am using Roon ROCK and streaming Tidal and Qobuz from the ROCK. Over the past few dats I have been seeing security warnings on my home Ubiquiti firewall. My ROCK is IP

“Threat Management Alert 2: Misc Attack. Signature ET COMPROMISED Known Compromised or Hostile Host Traffic group 14. From:, to:, protocol: ICMP”

Should I block the IP or is this expected traffic?

Can someone please help?

Kind regards,


I’m just a member here, but I’m skeptical that would be any legitimate reason for incoming ICMP messages from outside your LAN. The source IP address is in some content distribution network without a clear domain/owner, which adds to the suspicion. In your situation, I’d block and see what happens.

1 Like

ICMP type 3 is totally legit and common.

It’s not from Roon Labs.