Jahman

Members
  • Posts

    5
About Jahman

  • Rank
    Newbie

Profile Information

  • Location
    Poland
  1. I see. The firewall rule hasn't generated a single log, so that would explain why it does nothing. At least hopefully that means that ESET is able to block that threat and all its related risks completely even before they reach the firewall. Given that I still have no idea what the source of the vulnerability is, I'd rather not disable the exploit protection (or any protection at all in general) to double-check that. Ever since changing to IPv4 on my router and unlocking its firewall settings in the process earlier today I haven't had any new reports, so I really hope it stays that way. If it doesn't, I'll make sure to try out WireShark and Fiddler to try and find the culprit software. Thanks for the suggestion! If I do, is there anything I should keep an eye out for when monitoring the traffic aside from the communication matching the addresses and ports from the reports?
  2. Thanks. I did all that except for the last part, as I did specify the actual IP range I wanted to block in the IP section of the Remote tab. If the Remote tab should be empty, then where else should I declare that IP range? Just in case, here are the screenshots of my ESET firewall rule:
  3. Thanks. I'm somewhat compulsive about updating everything (systems, applications, drivers, firmware, etc.), so I check for new versions every other day and update everything possible ASAP. As such, to my knowledge everything on my devices is up to date. Also, while all PCs run Windows 10, the sets of installed apps vary quite a bit between all 3, and yet all of them reported the exact same exploitation attempts. Updates aside, I also haven't installed any new, unusual software on any of those devices within the last month since those attacks started. If it is some software on my device that's exposing these vulnerabilities, and if ESET is aware of them, how can I get it (ESET) to point me in the direction of which software exactly is responsible for them, or at least provide any kind of details to let me narrow down their cause? Unfortunately, as per my screenshot, both the main log and the temporary blacklist/troubleshooting reports contain next to no information aside from the IP and ports, and while I'd very much like to get rid of whatever is exposing those vulnerabilities, unfortunately I have no idea how to track it down. For the record, I've spent quite some time monitoring the network tab of the system's Resource Monitor, and none of the apps or services on my main system use any of the ports or IPs featured in the ESET reports or anything even remotely close to those. By the way, for issues like this, does the fact that all 3 computers generate the same reports mean that each of them is exposing the same vulnerability on its own (so it's the same software on all 3, I guess?), or is it enough for it to be present on just one of them, or perhaps even a different device on the same network?
  4. Thank you for the quick reply. I'm really glad it sounds like it's not some hidden malware inviting those attacks into my local network after all. If I may ask, just to check: is it normal that I was still getting those "Security vulnerability exploitation attempt" reports after setting up an ESET firewall rule blocking all possible connections (any protocol, both directions, highest priority I could set, warning notifications enabled - not one of them showed up) which included the addresses from those reports? Does ESET log those attempts before applying the firewall rules, or did I mess something up? Also, sorry if it's a dumb question, but if the firewall on my router lets everything through, then is it not something that could/should be detected via the "Scan your network" option in the ESET "Network Inspector"? Or is it not covered by that scan? Unfortunately for me, the complete ESET network scan didn't return any security issues with the router or the network in general, so I (likely incorrectly) figured it was working fine. Either way, based on your suggestion that it could be a router issue, I've managed to get my ISP to switch me back from IPv6 to IPv4, which somehow enabled manual IPv4 range blocking on my router, so with a bit of luck that will sort that out.
  5. Hi! I've been using ESET Internet Security on all of the computers in my home network for years now and never really had any major security issues. However, for the past month or so I've noticed a worryingly large number of "Security vulnerability exploitation attempt" reports in the "Network protection" part of the logs section - I've included a screenshot of them below. I'm getting these reports intermittently on all computers on my local network, and what worries me is that in each case ESET reports their local IP as the target despite the fact that they are behind a router, and to my knowledge I don't have any kind of port forwarding enabled anywhere. To add a few more details regarding my network setup: all of the computers on my network are behind a Connect Box router provided by my ISP (UPS Poland) which uses IPv6 that changes dynamically from time to time, has its own firewall enabled (though sadly it's not really configurable), has port scanning detection enabled and to my knowledge has no port forwarding of any kind enabled on it. Aside from two PCs and a laptop (all with the latest Windows 10 and ESET Internet Security updates), my local network consists of a few Android phones, a Brother printer with WiFi access, two Yeelight smart lamps and one Gosund smart plug - all of which have been on my network for over a year, so no new hardware has been added recently. Now regarding the attacker: from what I can tell all of those IPs belong to DigitalOcean, and when viewing the blacklist troubleshooter in ESET the device in question comes up as "unknown" at first, but then changes to something called "strechoid" as per the second included screenshot. As far as I can tell that name has been connected to reports of illicit activities such as port scanning over the past few months if not years. The port scanning detection on my router does report some port scan attempts, but their timestamps do not correspond with the aforementioned ESET reports.
Also, the report timestamps on various PCs on my network do vary quite a bit - sometimes only appearing on some and not all PCs that are on at the time. I've already scanned all of my devices with a complete ESET scan as well as a Malwarebytes one, just in case. I've also tried adding a rule to the ESET Firewall blocking any and all communications from the 192.241.200.0-192.241.230.255 IP range and moved it to the very top of the rule list (even above the predefined rules), but unfortunately this didn't really do anything, as I received yet another exploitation attempt warning the next day. These attacks happen at very random times (sometimes even days apart) and I have no idea what triggers them, so I can't really replicate or predict them. Due to this I'm afraid catching any of them with the ESET Log Collector might be very problematic. Is there any way to determine what's causing these attacks and how to prevent them? Is this a known issue? How come they report my local IP as the target? Is it possible that something on my network (malware?) is enabling those attacks even though it didn't come up in any of the scans?
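The posts above describe a block rule for the start-end range 192.241.200.0-192.241.230.255 and reports that carry little more than a remote IP and port. The following is an added example, not code from the original poster or from ESET: it converts that inclusive range into the CIDR prefixes a firewall UI typically expects, and checks each logged remote address against the range so that entries the rule could never have matched (addresses just outside it, or IPv6 peers that an IPv4 rule does not cover) stand out. The semicolon-separated report lines and the `parse_report` layout are constructed for the example and are not ESET's real export format.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

# Range quoted in the post above. It is an inclusive start..end range,
# which is not a single CIDR block, so a UI that wants prefixes needs it split.
RANGE_START = ipaddress.IPv4Address("192.241.200.0")
RANGE_END = ipaddress.IPv4Address("192.241.230.255")


class Report(NamedTuple):
    timestamp: str
    remote_ip: str
    remote_port: int
    local_ip: str
    local_port: int


def range_to_cidrs(start: ipaddress.IPv4Address, end: ipaddress.IPv4Address) -> List[str]:
    """Split an inclusive address range into the minimal list of CIDR blocks."""
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def parse_report(line: str) -> Report:
    """Parse one line of the constructed report format:
    timestamp;remote_ip;remote_port;local_ip;local_port
    (an assumed layout for this example, not ESET's actual log format)."""
    ts, rip, rport, lip, lport = (field.strip() for field in line.split(";"))
    return Report(ts, rip, int(rport), lip, int(lport))


def in_range(addr: str, start: ipaddress.IPv4Address, end: ipaddress.IPv4Address) -> bool:
    """True if addr is an IPv4 address inside [start, end].
    An IPv4 rule never matches an IPv6 peer, so IPv6 addresses are reported as outside."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and start <= ip <= end


def check_rule_coverage(
    lines: List[str],
    start: ipaddress.IPv4Address = RANGE_START,
    end: ipaddress.IPv4Address = RANGE_END,
) -> Tuple[List[Report], List[Report]]:
    """Partition report lines into those the block rule covers and those it cannot."""
    covered: List[Report] = []
    uncovered: List[Report] = []
    for line in lines:
        report = parse_report(line)
        (covered if in_range(report.remote_ip, start, end) else uncovered).append(report)
    return covered, uncovered


# Constructed sample entries (not real log output): one inside the range,
# one just past its upper end, and one IPv6 peer (documentation prefix 2001:db8::/32).
SAMPLE_LINES = [
    "2021-03-01 10:15:22;192.241.205.17;443;192.168.0.12;49152",
    "2021-03-02 03:40:10;192.241.231.4;80;192.168.0.12;49153",
    "2021-03-03 18:02:55;2001:db8::10;22;192.168.0.14;49154",
]

if __name__ == "__main__":
    print("Block rule as CIDR prefixes:", ", ".join(range_to_cidrs(RANGE_START, RANGE_END)))
    covered, uncovered = check_rule_coverage(SAMPLE_LINES)
    for r in covered:
        print(f"covered by rule : {r.remote_ip}:{r.remote_port} -> {r.local_ip}:{r.local_port}")
    for r in uncovered:
        print(f"NOT covered     : {r.remote_ip}:{r.remote_port} -> {r.local_ip}:{r.local_port}")
```

Feeding the real report entries into `check_rule_coverage` is the quickest way to tell whether a report that still appears after the rule was created involves an address the rule genuinely should have matched, or one outside the configured range or address family; the CIDR list from `range_to_cidrs` is what to enter where a firewall accepts prefixes instead of a start-end pair.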