Hello everyone,
I have a couple of Unifi Accespoint from clients in my controller. So different location.
From one location i am seeing logs in my firewall log.
The IP is trying to connect on port 389, which is dropped.
I am pretty sure it is coming from the Unifi Outdoor+. When i reset the unit, the are no new lines in the log from that IP.
It is not really a known port for unifi:
https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used
Port 389 is an LDAP port, also known for being hacked.
But the location i am talking about has only got 2 computers (which i checked with netstat -a) and 1 NAS. (and are off at the moment, except the NAS)
They don't have a server or anything like that.
Should i open port 389 for this location?
There is not really something that is not working, but the firewall lines are annoying :P
Maybe i am being paranoid/over active, but i am trying to explain all the firewall drops coming from known addresses.
Small other problem, STUN port 3478 is a Unifi port. I have created a Dnat rule (a group with all the unifi ports) and they all work except the 3478. That one is still being dropped according to the log.
This thread was automatically locked due to age.
