David Manson, posted January 18, 2022

Received the below Security Vulnerability Exploitation attempt but confused, as the server sits in Azure with all traffic blocked by the NSG inbound, so I cannot see why ESET is alerting for this (Known Bad) IP for this attempt. Can anyone explain, or has anyone seen similar alerts that do not make sense? Just concerned that something has even attempted to exploit this server, as it has no inbound ports open.

Network Vulnerability Alert on server.domain.local
Computer Name: server.domain.local
Username:
Timestamp: 1/15/22, 7:27:12 AM UTC
Severity: Warning
Event: Security vulnerability exploitation attempt
Threat Name: EsetIpBlacklist
Process Name:
Protocol: TCP
Inbound Communication: yes
Source Address: 220.249.167.16
Source Port: 52,183
Target Address: 10.1.0.5
Target Port: 1,433
This message was sent by ESET PROTECT

Marcos (Administrators), posted January 18, 2022

My understanding is that the communication first goes through ESET's firewall and only then is it evaluated by NSG, which would account for ESET's detections.

David Manson (Author), posted January 18, 2022

Thanks for the reply, but I do not understand how that could be. The traffic should hit the NSG first and be blocked, and ESET should never see it, as the communication is inbound.