kevroc

Posts posted by kevroc

  1. Hello, when I connect to my Wi-Fi from the laptop I get incoming requests from my TP-Link router/modem named "ARCHER_CS". I denied the requests. When I checked in the ESET GUI it shows 2 incoming connections being blocked constantly. One is from "NT Kernel and System" and one is from the TP-Link router. Also, when I did a router scan it showed Telnet port 23 as open. So I checked my router and no port forwarding has been done. I have attached the pics below. Should I be concerned that my router is compromised or that there is malware in the system?

    NT Kernel & System_incoming.PNG

    TP-Link_incoming.PNG

    eset network scan_report.png

  2. Hi, I have been doing some malware analysis for the past few months and learning about it. I have also been browsing several forums and found that the only AV that gives the malware authors problems is the run-time detection feature of ESET. Every other malware developer is making a thread on "How to bypass ESET runtime detection?" or "FUD stub except ESET runtime", or some expert developers are showing off how they were able to crypt their payload to escape ESET run-time detection.

    So I looked into the websites doing AV software comparisons, and none of those websites or any YouTube video about AV software reviews/comparisons mention anything about the superiority of ESET's run-time detection mechanism. The reason I am saying this is: "If you want to know who the best cop is, you should ask the robbers", because the robbers are probably the ones who will give you the correct answer! Since this is the ESET forum, could anyone tell me why ESET runtime detection is considered the best by the malware authors?

    I was using ESET IS, but since I bought a new laptop I thought of trying the Kaspersky 30-day trial. It is also good, but a bit heavier than ESET, and it blocks tracking by websites as an extra feature. I also noticed that ESET would block certain websites saying "Script inject trojan blocked" and wouldn't let me visit them. But Kaspersky is allowing me to visit those websites and doesn't show any warning about script injection (I don't know if Kaspersky is actually blocking the trojan or not able to detect it altogether). The AV comparative websites and YouTube videos put "Kaspersky, ESET & Bitdefender" in the top 3 places (not in any particular order). My Kaspersky trial expires tomorrow, so I need to make a quick decision! :)

  3. 23 hours ago, JamesR said:

    The ESET Log Collector log you supplied shows you have a public IP address directly on your computer. This means you are not behind a router. This is very insecure and you will continue to see these attacks until you place your computer behind a router.

    If you contact your Internet Service Provider (ISP), they may refer to a router as a gateway, residential gateway, 2-in-1 modem, etc. If my talk of Router/Gateway and Public IP address is a new concept for you, I recommend working with your ISP or a local computer technician who can assist in setting up a router to hide your computer from the internet.

    Again, I cannot emphasize this enough: it is very dangerous to connect a computer directly to the internet where it will be assigned a public IP address. Doing so will lead to non-stop attacks like the ones ESET is showing you.

    I used the family Wi-Fi connection from morning, even torrented from morning, and in the last 14 hours I didn't receive any attack or port scanning. Thanks a lot to the ESET staff for solving my issue :) I contacted my ISP and they should be visiting me by Monday to set up the router for my connection.

    11 hours ago, Marcos said:

    The blocked IP address is known to be a source of recent RDP attacks and probing for open ports. Is it that uTorrent doesn't work as long as the IP address is blocked?

    For your torrent client you can set up an IDS exception (F5 -> Network protection -> Network attack protection -> List of IDS exceptions -> Add -> Alert: Security Vulnerability exploitation, Threat Name: Incoming.Attack.Generic, Direction: In, Application: select your torrent client, Block: No, Notify: No, Log: No).

    Regarding the SMB attack, it's genuine and no exception should be made for it. As already advised, close the ports, use a router and set the network as public.

    Yes, I got RDP attacks too. Actually, uTorrent works when the attacks happen, but if I receive more than 7 or 8 attacks in a short span of time, my internet slows down to 1/2 or even 1/4 of its original speed. I then have to completely disconnect and reconnect to the internet to get back my full speed. Thank you, I will make that IDS exception as you said :) And yes, I have requested a router and hopefully it will be installed by Monday by my ISP.

  4. 50 minutes ago, JamesR said:

    The ESET Log Collector log you supplied shows you have a public IP address directly on your computer. This means you are not behind a router. This is very insecure and you will continue to see these attacks until you place your computer behind a router.

    If you contact your Internet Service Provider (ISP), they may refer to a router as a gateway, residential gateway, 2-in-1 modem, etc. If my talk of Router/Gateway and Public IP address is a new concept for you, I recommend working with your ISP or a local computer technician who can assist in setting up a router to hide your computer from the internet.

    Again, I cannot emphasize this enough: it is very dangerous to connect a computer directly to the internet where it will be assigned a public IP address. Doing so will lead to non-stop attacks like the ones ESET is showing you.

    Oh ok sir. I have a Wi-Fi at home which the rest of the family uses. I am using another connection from the same ISP which is directly plugged into my laptop port, since it gave me the least ping while gaming. I have a doubt. Everyone who uses a desktop PC has a wired connection plugged directly into their PC's CPU, right? Is it the same as the way I am currently using on my laptop, or different? (During gaming I started getting ping spikes, so the rest of the players advised me to use a wired connection and to stop using Wi-Fi.) So I ended up using the internet connection like this.

  5. 1 hour ago, SeriousHoax said:

    Try blocking all inbound connections in the ESET firewall by creating a rule. Does that help?

    I need incoming for my torrent client alone and I have made a rule for it. Will the new rule denying all incoming connections affect that of my torrent client also?

    EDIT: I just tried blocking all incoming connections in the firewall. I still get the attacks. It says "A device on the network is trying to exploit a security vulnerability". In the firewall I chose "Deny" for inbound, "all" for type and clicked save. I didn't choose any specific apps or ports in the Local and Remote tabs (I just left them empty). Is this the right way to block all incoming connections?

  6. Hi, I keep getting "application security vulnerability" network attacks. I stopped all torrents and now I keep getting an "SMB attack generic" exploitation message from ESET IS every 10-15 minutes. But when I look at the logs section of "Network protection" there is no log of the attack. The ESET message says "It could be attackers trying to gain control of your system". How can I stop this?

    Here is the network protection log I have. Sometimes I get port scanning attacks also.

    eset.png
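The advice JamesR gives in the replies quoted in posts 3 and 4 comes down to one check: is the address bound to the laptop itself public, or does it sit in a range that is never routed on the Internet? The Python below is an added example, not code from this thread or from ESET. It classifies addresses against the non-routable blocks (RFC 1918 private, RFC 6598 carrier-grade NAT, link-local, loopback and IPv6 unique-local) and reports which of a host's addresses are directly reachable from outside. The sample address list is constructed, and 203.0.113.7 is a documentation address standing in for a real public one.

```python
import ipaddress
import socket

# Address blocks that are not reachable from the public Internet. A host whose
# addresses all fall in these blocks is behind a router/NAT (or the ISP's own
# carrier-grade NAT); any address outside them receives inbound traffic from
# the whole Internet directly, which is the situation described in the thread.
NOT_INTERNET_ROUTABLE = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "carrier-grade NAT (RFC 6598)": ["100.64.0.0/10"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "unique local IPv6 (RFC 4193)": ["fc00::/7"],
}
_NETWORKS = {label: [ipaddress.ip_network(cidr) for cidr in cidrs]
             for label, cidrs in NOT_INTERNET_ROUTABLE.items()}


def classify(address: str) -> str:
    """Label one address; "public" means it is routable from the Internet."""
    ip = ipaddress.ip_address(address)
    for label, networks in _NETWORKS.items():
        # Membership of an IPv4 address in an IPv6 network is simply False,
        # so the mixed v4/v6 lists above are safe to test together.
        if any(ip in net for net in networks):
            return label
    return "public"


def exposed_addresses(addresses):
    """Return the subset of a host's addresses that are directly reachable."""
    return [a for a in addresses if classify(a) == "public"]


def local_addresses():
    """Addresses this host resolves its own hostname to (best effort)."""
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None)
    except socket.gaierror:
        return []
    # Strip any "%scope" suffix some platforms append to IPv6 link-local addresses.
    return sorted({info[4][0].split("%")[0] for info in infos})


if __name__ == "__main__":
    # Constructed sample: what a laptop plugged straight into an ISP handoff
    # might hold. 203.0.113.7 is a documentation address standing in for a
    # public one assigned by the ISP.
    sample = ["127.0.0.1", "169.254.10.20", "192.168.0.10", "203.0.113.7", "fe80::1"]
    for addr in sample:
        print(f"{addr:>16}  {classify(addr)}")
    print("exposed in sample:", exposed_addresses(sample))
    # Repeat for the machine running the script; a non-empty list means the
    # host is not behind a router and every Internet host can reach it.
    print("exposed on this host:", exposed_addresses(local_addresses()))
```

If the list for your own machine is non-empty, inbound connections from anywhere on the Internet hit the host's firewall and IDS directly, which is why the alerts in this thread stopped once the laptop moved behind the family router. An address in 100.64.0.0/10 means the ISP is already applying carrier-grade NAT, so the host is not directly reachable even though the address does not look like a familiar 192.168.x.x one.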
