I just noticed my Vera scanning port 80 on my local network.
Checking firewall logs, I can see this has happened twice in the 30 days, so this is not often or frequent, and I can't associate either of the two events with any trigger that would cause this.. ie. nothing special was happening either on the vera or on the home network.
I don't actually know how broad the scan was. Since I just noticed this and the two events are 3 weeks apart, I haven't gone the extra step of putting a full traffic capture in between the Vera and my network. If it happens again, I certainly will consider doing that.
What I do have is a beaglebone on my home network that acts network tripwire: I drop all known host:protocol:port packets that I don't care about (netbios, plex scans, etc) and log everything else. Upon reviewing these logs, I noticed Vera hitting port 80 on my beaglebone. Vera has no reason to know or talk to this host, so this is an unsolicited port scan. It was only port 80 that was scanned, and since I don't currently have a 2nd tripwire on the localnet, I can't verify it scanned every single IP or just targeted my BeagleBone for some reason.
Suffice to say, it's alarming to see a black box device on my home network start probing other devices for no reason. I'd love to know why it's doing this, what triggered it, and what I can do to turn off whatever is causing this.Has anyone seen this behavior from their Vera before and have any idea of the cause?
My searching of these forums and of google turned up nothing. One thing I did find was this link https://media.blackhat.com/us-13/US-13-Crowley-Home-Invasion-2-0-WP.pdf
describing a number of security issues with the VeraLite and the author commenting there was a general lack of interest by Vera to acknowledge or fix these issues (section 3.2). This only heightened my concern that these port scans may actually be malicious activity by a remote attacker who has exploited any number of these vulnerabilities.
Here's a pastebin of the firewall logs of the Vera (1.50) hitting my Beagle (1.3) on the two different dates: http://pastebin.com/a4X0jLBi