JosephKing 3 Posted April 21, 2018 Share Posted April 21, 2018 (edited) I've found activity through my firewall and Wireshark. they are IP addresses belonging to RIPE NCC. They fall in a 77.x.x.x-89.x.x.x IP address range. Through TCPView I've traced activity to RIPE NCC, however, I have not made a 100% determination. I'm wondering if ESET uses a range of RICE NCC IP addresses to function. The only packets I've captured are for NBNS and UDP going to a destination port of 8888. In TCPView the IP addresses go to PIDs such as 0 (System Process), and other important handles. My firewall shows a regular block of inbound activity from 77.x.x.x I wonder if this activity could also be malicious or a bot activity. Edited April 21, 2018 by JosephKing Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted April 21, 2018 Administrators Share Posted April 21, 2018 Please refer to this KB article for a list of IP addresses used by ESET's products: https://support.eset.com/kb332/. Link to comment Share on other sites More sharing options...
Recommended Posts