Here’s what I received:
Thank you for contacting Synology Support. My name is Rob, and I will be assisting you today.
I understand that you are concerned about the large number of alerts coming from 192.229.211.108.
Safe Access uses the block lists from the FireHOL security project. You can read more about them at the link below.
FireHOL IP Lists | IP Blacklists | IP Blocklists | IP Reputation
As far as we can tell, there was some malicious port scanning coming from that IP address.
Problems like this can occur when data centers for major IT companies host out to other customers. If a bad actor comes in and starts performing malicious acts from a host at the data center, then the IP goes on the blocked list, even if most of the traffic is legit. This is because it is difficult to distinguish bad traffic from the good when coming from the same IP address.
Rest assured that FireHOL will investigate the issue and unblock it when they are sure the security issue has been dealt with.
[automerge]1706836426[/automerge]
So we wait?
[automerge]1706837845[/automerge]
Hello Jan,
When the issue with the IP is resolved then FireHOL will update their database and you will stop getting notifications.
Let me know if you have any questions on this and I will be happy to help.
Thanks,