I have some 450g’s in the field and every now and then the CPU will jump up to 100% until I locate the culprit and block their access.
When I look in the firewall connections tab I see users that are continually reaching out scanning ports behind the firewall trying to reach specific IP addresses.
The devices that I’m having problems with are cell phones trying to update but have yet to authenticate.
I’m guessing apps on the cell phones are causing the problems, as I traced one of the IP addresses to a weather.com service.
Any hints on how one can resolve a problem like this? Maybe drop packets from a device after so many attempts? Or, maybe block the user temporarily?
A push in the right direction would be very much appreciated.
Thanks!