Yeah, I'm going to try a factory reset. I haven't looked closely yet to see if it's only one of the WAPs or multiple.
I bought 5 of them through TechData/Synnex, so I'd be surprised if they are running compromised firmware.
Original Message:
Sent: 04-26-2023 04:10 PM
From: l3rainzone
Subject: APs reaching out to Russian IP addresses
Maybe your firmware was compromised. Where did you buy those APs? I'd suggest resetting the firmware to factory image.
Original Message:
Sent: 4/24/2023 10:11:00 AM
From: davejlong
Subject: APs reaching out to Russian IP addresses
On my network I block traffic to and from Russia and a few other countries. I just recently set up some new AP22s and noticed that I'm getting alerts from my firewall that they are reaching out to Russian-based IP addresses. Can anyone provide insight as to what Aruba is hosting in Russia that they are reaching out to?
2 of the IPs that I've seen are:
109.197.199.28
85.21.78.23
The second IP is flagged on VirusTotal which is concerning.