I received the below Security Vulnerability Exploitation attempt but am confused, as the server sits in Azure with all traffic blocked by the NSG inbound, so I cannot see why ESET is alerting for this (Known Bad) IP for this attempt.
Can anyone explain, or has anyone seen similar alerts that do not make sense?
Just concerned that something has even attempted to exploit this server as it has no inbound ports open.
Network Vulnerability Alert on server.domain.local
Computer Name: server.domain.local
Username:
Timestamp: 1/15/22, 7:27:12 AM UTC
Severity: Warning
Event: Security vulnerability exploitation attempt
Threat Name: EsetIpBlacklist
Process Name:
Protocol: TCP
Inbound Communication: yes
Source Address: 220.249.167.16
Source Port: 52,183
Target Address: 10.1.0.5
Target Port: 1,433
This message was sent by ESET PROTECT