Jump to content

spfister

Members
  • Posts

    2
  • Joined

  • Last visited

About spfister

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    USA
  1. I'm not sure what to post. I'm doing a large amount of packet captures at our firewall examining traffic going to the ESET server. It looks like the server does a GET /eset_upd/ep7/dll/update.ver.signed about every five minutes. Before every GET, there is a HEAD command for the same path. This gets a 401 (authorization needed) response from the server. So far, about half past the hour, it appears to do this 2 or 3 times in a row, about a second apart. I'm not the person who administers this server, but I can ask him about settings. I'm just trying to figure out why there's such a large amount of traffic to and from this server at all hours.
  2. I'm a network engineer trying to figure out why our ESET server is seeing a large amount of discarded incoming packets. It's also see an unusually large amount of traffic for what I've been told is only doing anti-virus. For example, Monday at 9pm local time through Tuesday at noon, I see incoming traffic of a little over 600GB. Currently, every time I do a packet capture at our firewall looking at incoming traffic to this server, I see a pretty constant inbound stream. It's trying to download a file called update.ver.signed over and over again. Sometimes, this download results in an HTTP error code 401 (authorization required).
×
×
  • Create New...