CraigF

Members
  • Posts

    3
About CraigF

  • Rank
    Newbie

Profile Information

  • Location
    Australia
  1. Marcos, we were scheduling our scans via a policy that added the task to the client's Tools, Scheduler. As you say, we can schedule via ESMC tasks instead, so will fall back to this option.
  2. @Marcos, if I'm not mistaken, we can only schedule weekly scans via ESMC policies, not monthly. Can you verify this?
  3. For the past week or two we've received Network Attack Alerts relating to Botnet.CnC.Generic detections across all our (Australian-based) clients. According to VirusRadar (https://www.virusradar.com/en/home/world) this is currently the most common threat detection, yet I've been able to find no information about it.

     The detections are on inbound traffic from a small number of IP addresses. We're seeing them mostly on port 443 (as that is one of the few ports they have open), but we have seen it on port 2222 (ESET ERA) also. It's not clear whether ESET File Security is taking any action to block these threats.

     These are some of the source IP addresses we're seeing: 193.188.22.187, 185.156.177.235, 185.153.199.3, 141.98.81.66, 45.136.111.112, 45.136.108.68

     My understanding is that CnC threat traffic is generally triggered from the infected machine, so it would be outbound rather than inbound, so I am somewhat confused by these notifications.

     Can anyone shed any light on how ESET detects a "Botnet.CnC.Generic" threat so I can determine whether this is something we need to respond to (e.g. is it just based on the source IP address?) Also, is anyone aware of CnC servers that would be spraying out traffic to web hosts?