Is Cerbo GX using eDonkey?

Is Cerbo GX using eDonkey?
Got this security issue on my network, OUTGOING:


Risk: Concerning
Action: Block
Service: Other
Policy: P2P
Policy Type: Intrusion Prevention
Signature: ET P2P Edonkey Search Request (search …
Signature ID: 2003319
Direction: Outgoing
Incoming Network / Interface: Wan Starlink

• This indicates potential use of applications that may not be appropriate for corporate environments. This is usually more acceptable for home environments.

That is a standard multicast IP address and should not be routed outside your local network.

Here is a summary from Google:
The IP address 224.0.0.251 is a reserved multicast address used for multicast DNS (mDNS). mDNS is a protocol used for device discovery on a local network, particularly in the absence of a local DNS server. It allows devices to find each other without requiring a central authority.

Thanks for the answer, Rick.
It gives me more questions.
So why is it attempting to search outside the local network, & why use the P2P eDonkey file transfer protocol?
It's not been seen in my logs of over 5 years.

1 Like

Which Cerbo version are you running? 3.55?
Any recent updates?
If running a beta version, please let us know as there could be a bug to address, thanks.

3.52, updated 30 days ago, approx. 1 April, when this started.
No betas.

1 Like

Thanks, we will need help from others on this one.

I personally don’t think “eDonkey” even exists anymore, this may be a false positive.
Your firewall is blocking it in any case.

This is probably just the Cerbo using mDNS, and is expected.
But like you, I’d like to make sure nothing has crept into the VenusOS that is malicious.

Thanks for the help on this, Rick.
I used eDonkey for years but have not seen it in 10 or more.

What firewall software is this?

Regarding “attempting to search outside the local network”, it isn’t – the way multicast works is that the device (GX in this case) sends out the packets and all devices on the LAN receive them. Your router is supposed to not forward them, so in case it does, it is broken – but if your firewall is running either on your PC or on the router, the fact that it is receiving that packet is normal.

What I guess is happening here is that the firewall/IDS signature for edonkey is sloppy and just happens to match whatever mDNS packet the GX sends out – a false positive.

(Digging deeper, are you running ubiquiti devices? They come up when searching for that message, see e.g. Reddit – and that signature matches on 3 bytes only, so it most probably is a false positive)

Yes, I have Unifi devices & cameras, but the firewall is native Apple OS 15.4.1 Sequoia.
Why should they need to multicast, all connected via VE Direct?

It’s multicasting so you can find your GX devices via mDNS, with “venus.local” or whatever, and probably also so VictronConnect running on a PC can find your victron devices on the LAN.
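A triage sketch for the false-positive theory in the replies above, added here as an example and not part of the thread or of Victron's code: it checks whether an alerted UDP payload sent to 224.0.0.251 parses cleanly as an mDNS message whose names end in `.local`. UDP port 5353 (RFC 6762), the function names and the sample packet are assumptions constructed for illustration.

```python
import struct
MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353  # group from the thread; port per RFC 6762

def read_name(buf, off):
    """Decode the DNS name at off, following compression pointers; return (name, next_off)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of payload")
        n = buf[off]
        if n & 0xC0 == 0xC0:  # two-byte compression pointer
            if off + 1 >= len(buf) or hops >= 16:
                raise ValueError("bad compression pointer")
            resume = off + 2 if resume is None else resume
            off, hops = ((n & 0x3F) << 8) | buf[off + 1], hops + 1
        elif n & 0xC0:
            raise ValueError("reserved label type")
        elif n == 0:
            return ".".join(labels), (off + 1 if resume is None else resume)
        else:
            if off + 1 + n > len(buf):
                raise ValueError("label runs past end of payload")
            labels.append(buf[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def triage(dst_ip, dst_port, payload):
    """Classify one alerted UDP datagram; return (verdict, owner_names)."""
    if (dst_ip, dst_port) != (MDNS_GROUP, MDNS_PORT):
        return "not-mdns-destination", []
    if len(payload) < 12:  # shorter than a DNS header
        return "malformed", []
    _, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    names, off = [], 12
    try:
        for i in range(qd + an + ns + ar):
            name, off = read_name(payload, off)
            fixed = 4 if i < qd else 10  # question: type+class; record adds ttl+rdlength
            if off + fixed > len(payload):
                raise ValueError("truncated entry")
            rdlen = 0 if i < qd else struct.unpack("!H", payload[off + 8:off + 10])[0]
            off += fixed + rdlen
            names.append(name.lower())
        if off != len(payload) or not names or flags & 0x7800:
            raise ValueError("trailing bytes, empty message or non-zero opcode")
    except ValueError:
        return "malformed", names
    ok = all(n.endswith((".local", ".arpa")) for n in names)
    return ("consistent-with-mdns" if ok else "review"), names

# Constructed sample (not captured traffic): mDNS question for venus.local, type A, class IN.
SAMPLE_QUERY = bytes(5) + b"\x01" + bytes(6) + b"\x05venus\x05local\x00\x00\x01\x00\x01"
```

Run it on the payload bytes from a capture of the flagged packet; a `malformed` or `review` verdict is the case that warrants a closer look at the device.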

Thank you for the explanation, I now understand what’s going on.
Thanks

1 Like