Jump to content

IS IT THE ESET ADDRESS ?

HANDJOJO
 Share

Recommended Posts

HANDJOJO

HANDJOJO 11

Posted
Posted

Please inform me whether this is the ESET's server address, as I seen again this address in my Home Connection, as per screen shot attached.

Awaiting the information from ESET Staff

Thanks.

 

SCREENSHOT 1.jpg

SCREEN SHOT_2.jpg

Link to comment
Share on other sites
HANDJOJO

HANDJOJO 11

Posted
  • Author
Posted (edited)

I have been reported this similar address and then Marcos has replied my massage that he will ask to the developer, however till now no further information about for what this activity.

Thanks.

Edited by HANDJOJO
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted

My best guess is its associated with LiveGrid. Eset published list of LiveGrid IP addresses include 91.228.166.45 and 91.228.166.46. Possible uses for 91.228.166.47 would be as a backup server for LiveGrid traffic when its main servers are off-line or having communication problems. Hence, the "webredir" as part of the domain name.

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

Here's what Robtex says about the IP address:

Quote

Eset PTR

The PTR is skh1-webredir01-v.eset.com. The IP number is in Slovak Republic. It is hosted by ESET NET.

We investigated 88 host names that point to 91.228.166.47 . Example: eset-smart-security.eu, esetlivegrid.net, esetendpointantivirus.net and www.eset-smart-security.com. We estimate that it is used as ip number by 103 host names.

Based on this, I would say the server IP address acts as a Eset network "router" to direct the connection to its desired Eset destination.

-EDIT- For example when I enter skh1-webredir01-v.eset.com in my browser, I am redirected to this Eset U.S. where I reside based web site: https://www.eset.com/us/get-protected/?adobe_mc_ref

Edited by itman
Link to comment
Share on other sites
HANDJOJO

HANDJOJO 11

Posted
  • Author
Posted

Thanks Itman for your information, my question is why my EIS block this certain activity if this address came from ESET NET hosted, its seems like unwanted activity.

Awaiting the clear information.

B/regards,

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)
9 hours ago, HANDJOJO said:

Thanks Itman for your information, my question is why my EIS block this certain activity if this address came from ESET NET hosted, its seems like unwanted activity.

OK. I misunderstood what your concern was.

The network alert you are receiving is one that is associated with an unstateful network connection; i.e. inbound connection associated with no preceding outbound connection. Verify that that the default Eset firewall for ekrn.exe is enabled and has not been modified; it should allow all inbound and outbound communication for ekrn.exe. 

This same issue has occurred previously: https://forum.eset.com/topic/7831-ess-log-shows-27-inbound-tcp-packet-blocks-from-ip-belonging-to-eset/so refer to this:

 

Edited by itman
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

I will state this about the Eset IP address connection. For anyone using a router with a stateful firewall, this inbound traffic would have been automatically blocked by the router. Possibly why I have never seen it.

If this inbound traffic bothers you, just create an Eset firewall rule to block any inbound TCP traffic with a remote IP address of 91.228.166.47. Move the rule to the top of the existing rule set and your issue is resolved.

Edited by itman
Link to comment
Share on other sites
HANDJOJO

HANDJOJO 11

Posted
  • Author
Posted

Thanks Itman for your clear information, I think I don't need to set the rule in ESET Firewall as this activity has appeared since yesterday.

B/regards,

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...