kevroc 0 Posted June 26, 2020 Share Posted June 26, 2020 Hi, i keep getting application security vulnerability network attack. I stopped all torrents and now i keep getting "SMB attack generic" attack exploitation message by ESET IS every 10-15 minutes. But when i see the logs section of "Network protection" there is no log of the attack. The eset message says "It could be attackers trying to gain control of your system". How can i stop this ? Here is the network protection log i have. Some time i get port scanning attacks also. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted June 26, 2020 Administrators Share Posted June 26, 2020 Please carry on as follows: - enable advanced logging under Help and support -> Details for technical support - reproduce the detection - disable advanced logging - collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
kevroc 0 Posted June 26, 2020 Author Share Posted June 26, 2020 Here are the logs from ESET Log Collector. I have attached them. eis_logs.zip Link to comment Share on other sites More sharing options...
SeriousHoax 83 Posted June 26, 2020 Share Posted June 26, 2020 Try blocking all inbound connection in ESET firewall by creating a rule. Does that help? Link to comment Share on other sites More sharing options...
kevroc 0 Posted June 26, 2020 Author Share Posted June 26, 2020 (edited) 1 hour ago, SeriousHoax said: Try blocking all inbound connection in ESET firewall by creating a rule. Does that help? I need incoming for my torrent client alone and i have made a rule for it. Will the new rule of denying all incoming connections affect that of my torrent client also ? EDIT : I just tried blockin all incoming connections in firewall. I still get the attacks. It says "A device on the network is trying to exploit a security vulnerability" . In firewall i choose inbound to "Deny", for type i choose "all" and clicked save. I din't choose any specific apps or ports in the Local and remote tabs (I just left them empty) Is this the right way to block all incoming connections ? Edited June 26, 2020 by kevroc Link to comment Share on other sites More sharing options...
ESET Staff JamesR 52 Posted June 26, 2020 ESET Staff Share Posted June 26, 2020 The ESET Log Collector log you supplied shows you have a public IP address directly on your computer. This means you are not behind a router. This is very insecure and you will continue to see these attacks until you place your computer behind a router. If you contact your Internet Service Provider (ISP), they may refer to a router as a gateway, residential gateway, 2 in 1 modem, etc... If my talk of Router/Gateway and Public IP address is a new concept for you, I recommend working with your ISP or a local computer technician who can assist in setting up a router to hide your computer from the internet. Again, I can not emphasize this enough, it is very dangerous to connect a computer directly to the internet where it will be assigned a public IP address. Doing so will lead to non-stop attacks like the ones ESET is showing you. Link to comment Share on other sites More sharing options...
kevroc 0 Posted June 26, 2020 Author Share Posted June 26, 2020 50 minutes ago, JamesR said: The ESET Log Collector log you supplied shows you have a public IP address directly on your computer. This means you are not behind a router. This is very insecure and you will continue to see these attacks until you place your computer behind a router. If you contact your Internet Service Provider (ISP), they may refer to a router as a gateway, residential gateway, 2 in 1 modem, etc... If my talk of Router/Gateway and Public IP address is a new concept for you, I recommend working with your ISP or a local computer technician who can assist in setting up a router to hide your computer from the internet. Again, I can not emphasize this enough, it is very dangerous to connect a computer directly to the internet where it will be assigned a public IP address. Doing so will lead to non-stop attacks like the ones ESET is showing you. Oh ok sir. I have a wifi at home which the rest of the family uses. I am using another connection from the same isp which is directly plugged into my laptop port since it gave me the least ping while gaming. I have a doubt. Everyone who use a desktop pc has a wired connection plugged directly into their pc's cpu right ? Is it the same as the way i am currently using on my laptop or different ? (During gaming i starting getting ping spikes and so the rest of the players adviced me to use a wired connection & to stop using a wifi) So i ended up using the internet connection like this . Link to comment Share on other sites More sharing options...
ESET Staff JamesR 52 Posted June 26, 2020 ESET Staff Share Posted June 26, 2020 It sounds like you have purchased 2 internet lines. One where you have a WIFI Router, and one where you are directly connected to the internet. You should put a router between your computer and the internet. You can easily purchase a router that uses a physical network cable instead of using wifi. Your Wifi router may even have extra Ethernet ports as well. But the key thing is, a router is what hides your computer from others being able to directly see and attack your computer. In short, you need some form of physical hardware that will assign your computer a private IP address, thus stopping the attacks. I would recommend a router that supports an Ethernet (hardwired) connection instead of Wifi. As you will need hardware to help protect your computer, there is not much else we can do on the forums. I highly recommended that you may want to talk with your ISP or a local computer technician to assist in configuring a router that will support a wired connection. Link to comment Share on other sites More sharing options...
itman 1,659 Posted June 26, 2020 Share Posted June 26, 2020 1 hour ago, kevroc said: During gaming i starting getting ping spikes and so the rest of the players adviced me to use a wired connection & to stop using a wifi) More security crazy is a PC used for gaming would access the Internet w/o a secure router connection. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted June 27, 2020 Administrators Share Posted June 27, 2020 The blocked IP address is known to be a source of recent RDP attacks and probing for open ports. Is it that uTorrent doesn't work as long as the IP address is blocked? For your torrent client you can set up an IDS exception (F5 -> Network protection -> Network attack protection -> List of ids exceptions ->Add -> Alert: Security Vulnerability exploitation, Threat Name:Incoming.Attack.Generic, Direction:In, Application:select your torrent client, Block:No,Notify:No,Log:no). Regarding the SMB attack, it's genuine and no exception should be made for it. As already advised, close the ports, use a router and set the network as public. Link to comment Share on other sites More sharing options...
kevroc 0 Posted June 27, 2020 Author Share Posted June 27, 2020 23 hours ago, JamesR said: The ESET Log Collector log you supplied shows you have a public IP address directly on your computer. This means you are not behind a router. This is very insecure and you will continue to see these attacks until you place your computer behind a router. If you contact your Internet Service Provider (ISP), they may refer to a router as a gateway, residential gateway, 2 in 1 modem, etc... If my talk of Router/Gateway and Public IP address is a new concept for you, I recommend working with your ISP or a local computer technician who can assist in setting up a router to hide your computer from the internet. Again, I can not emphasize this enough, it is very dangerous to connect a computer directly to the internet where it will be assigned a public IP address. Doing so will lead to non-stop attacks like the ones ESET is showing you. I used the family wifi connection from morning, even torrented from morning and in the last 14 hours i dint receive any attack or port scanning. Thanks a lot for the ESET staffs for solving my issue I contacted my isp and they should be visiting me by monday to setup the router for my connection. 11 hours ago, Marcos said: The blocked IP address is known to be a source of recent RDP attacks and probing for open ports. Is it that uTorrent doesn't work as long as the IP address is blocked? For your torrent client you can set up an IDS exception (F5 -> Network protection -> Network attack protection -> List of ids exceptions ->Add -> Alert: Security Vulnerability exploitation, Threat Name:Incoming.Attack.Generic, Direction:In, Application:select your torrent client, Block:No,Notify:No,Log:no). Regarding the SMB attack, it's genuine and no exception should be made for it. As already advised, close the ports, use a router and set the network as public. Yes i got RDP attacks too. Actually utorrent works if the attacks happen, but if i receive more than 7 or 8 attacks in a short span of time, my internet slowed down to 1/2 or even to 1/4 of its original speed. I then had to completely disconnect and reconnect from the internet to get back my full speed. Thank you i will make that IDS exception as you said And yes, i have requested for a router and hopefully be installed by monday from my ISP . Link to comment Share on other sites More sharing options...
Recommended Posts