
Security Vulnerability Attempt on blocked port



I received the below Security Vulnerability Exploitation attempt alert but am confused, as the server sits in Azure with all inbound traffic blocked by the NSG, so I cannot see why ESET is alerting on this (known bad) IP for this attempt.

Can anyone explain, or has anyone seen similar alerts that do not make sense?

Just concerned that something has even attempted to exploit this server as it has no inbound ports open.

 

Network Vulnerability Alert on server.domain.local

Computer Name: server.domain.local

Username:

Timestamp: 1/15/22, 7:27:12 AM UTC

Severity: Warning

Event: Security vulnerability exploitation attempt

Threat Name: EsetIpBlacklist

Process Name:

Protocol: TCP

Inbound Communication: yes

Source Address: 220.249.167.16

Source Port: 52,183

Target Address: 10.1.0.5

Target Port: 1,433

 

This message was sent by ESET PROTECT


  • Administrators

My understanding is that the communication first goes through ESET's firewall and only then is it evaluated by the NSG, which would account for ESET's detections.


Thanks for the reply, but I do not understand how that could be. The traffic should hit the NSG first and be blocked, and ESET should never see it, as the communication is inbound.

 

 

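One way to check the NSG side of this question, as an added example that is not part of the original thread: the sketch evaluates NSG-style inbound rules in priority order (lowest number first, first match wins) against the flow reported in the alert. The rule list, the hypothetical `legacy-sql-allow` rule, the VNet range and the service-tag expansion are constructed assumptions, not the poster's configuration.

```python
import ipaddress

# Assumed expansion of service tags for this sketch; Azure resolves real tags itself.
SERVICE_TAGS = {
    "VirtualNetwork": ["10.1.0.0/16"],          # assumed VNet range holding 10.1.0.5
    "AzureLoadBalancer": ["168.63.129.16/32"],
    "*": ["0.0.0.0/0"],
}

# Constructed rules: one hypothetical leftover allow rule, then the default inbound rules.
RULES = [
    {"name": "legacy-sql-allow", "priority": 300, "access": "Allow",
     "protocol": "Tcp", "source": "*", "dest_ports": "1433"},
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow",
     "protocol": "*", "source": "VirtualNetwork", "dest_ports": "*"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "access": "Allow",
     "protocol": "*", "source": "AzureLoadBalancer", "dest_ports": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "protocol": "*", "source": "*", "dest_ports": "*"},
]

def source_matches(spec, ip):
    # spec is a service tag from SERVICE_TAGS or a literal CIDR/address
    addr = ipaddress.ip_address(ip)
    cidrs = SERVICE_TAGS.get(spec, [spec])
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def port_matches(spec, port):
    # "*" or comma-separated ports/ranges, e.g. "1433" or "1433,3000-3010"
    for part in ("0-65535" if spec == "*" else spec).split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def first_match(rules, src_ip, proto, dst_port):
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["protocol"].lower() in ("*", proto.lower())
                and source_matches(rule["source"], src_ip)
                and port_matches(rule["dest_ports"], dst_port)):
            return rule["name"], rule["access"]
    return None, "Deny"

def parse_port(text):
    # The alert e-mail prints ports with a thousands separator ("1,433")
    return int(text.replace(",", ""))

if __name__ == "__main__":
    flow = ("220.249.167.16", "TCP", parse_port("1,433"))  # values from the alert
    print("defaults only:", first_match(RULES[1:], *flow))
    print("with leftover allow rule:", first_match(RULES, *flow))
```

Run against the real rule set (the effective security rules on the NIC and on the subnet), the same first-match walk shows which rule the alerted flow would hit.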
