2023-01-07 08:26 AM
I have a Synology RT6600ax router with "Threat Prevention". When a SilverSneakers Zoom meeting is started on a Samsung Galaxy S10 Android phone, I get a LOT of events generated. There are 2 kinds of events:
2. Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4)
I presume this is getting confused because Zoom is doing a P2P protocol and is encrypting UDP packets.
I only get one of these events and I believe it happens RIGHT after I allow the SQL events.
I don't allow this P2P event and it doesn't seem to stop the meeting, but should I allow this one?
Thanks for any clarification on this.
Also, when using this on the phone, what ports and IP addresses are used?
2023-01-08 04:57 PM
Hi, @mtiede.
I love my Synology RT6600ax! I'm on Zoom meetings all the time, and have never had an alert from the router relating to any Zoom meeting.
I'm assuming you've got the ax router at home and have configured it yourself, as opposed to something at a work site. There are settings you can use to block certain sites for youngsters at home, but the info you shared doesn't seem like it's related to that.
If you'd like to send me the meeting link via PM, I'll give it a try and see what happens on this end and let you know.
2023-01-11 08:10 AM
Have you looked at the DS Router app on the phone and then gone to the Settings | Traffic Monitor | Applications? If so, have you ever seen traffic from Tor? I have and I don't know where that traffic is coming from and if it is legit or a hack.
2023-01-25 06:33 AM - edited 2023-01-25 06:34 AM
Ray, are you using threat prevention? If so, and you go into the Self-defined Policy menu item and then look at the signatures and then "A Network Trojan was detected", what do you have for the action for "Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4)"? Is it "Do nothing"? I've changed most of the high and medium and some of the low to "Drop" instead of whatever the default is. If it is a risk, I want to disable it until I PROVE (as best I can) that it is not something to worry about, at least for the particular instance.
I hadn't answered your question as to whether this is at home self configured and Yes, and Yes. I'm a LONG time programmer (first code written in 1966) and not a beginner in software, but this is my first deep foray into routers thanks to Spectrum not updating my old modem/router (and my old router could ONLY be updated by the ISP).
2023-01-11 06:40 AM
I have just been adding the events to "Do nothing". Today, just now, it didn't complain about the SQL or Conficker. I presume it accessed the same IP.
But I did still get a complaint about it using TLS1.0. I've added that to the "Do nothing" events.
Maybe I can get that link from my wife when she is done and I can send it to you. Although, it will probably be too late then because the SilverSneakers will be over.
I wonder if the problem is just with the SilverSneakers and not Zoom meetings in general.
How is your performance with Threat Prevention active? It looks like it is cutting mine down by about 10%. My ISP supplies 300Mbps download and even on ethernet I only get about 270Mbps. Before, when I was using my NetGear C7000v2 modem/router with no sort of Threat Prevention available, I was even getting up to about 350Mbps. On wifi, I'm only getting 86Mbps right now (don't know if wife's Zoom is taking away from that performance). But at its best the wifi is probably only getting around 200Mbps.
2023-01-11 07:48 AM
It doesn't look like I can have you try it. Meeting is now over and can't be joined. You probably have to be a member of SilverSneakers to use it anyway.
Thanks for the offer.
I think these events may be unique to the SilverSneakers meetings.
2023-02-03 08:54 AM
Each time the Zoom meeting is started, I get the ton of SQL complaints probably because a different IP is used every time. But once I'm past that, I still get "GPL SHELLCODE x86 setgid 0". The combination of looking for SQL and this shellcode which looks like it tries to get administrator makes me wonder about SilverSneakers and what is going on. Of course, if TP were off, I'd never know about these things and maybe everything is fine. Wish I knew for certain.