Jump to content

Router infected with ZuoRAT?


Recommended Posts

From yesterday I'm having the following inbound blocked traffic logs:

Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User
30/06/2022 10:47:33;No application listening on the port;Blocked;92.245.188.58:443;192.168.1.191:49718;TCP;;;0000000000000000000000000000000000000000;
Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User
30/06/2022 13:17:28;No application listening on the port;Blocked;81.4.100.200:443;192.168.1.191:50315;TCP;;;0000000000000000000000000000000000000000;

Could it be that my router has been infected with ZuoRAT?

Link to comment
Share on other sites

45 minutes ago, Enrico said:

Could it be that my router has been infected with ZuoRAT?

Possible.

Do a hard reset on your router to set things back to default settings. Then monitor if the Eset Network log entries no longer appear.

Link to comment
Share on other sites

Posted (edited)

Thanks for the suggestion, I did a factory reset and then realized that I was using Marcos suggestion for the logs: https://forum.eset.com/topic/32651-web-access-protection-the-url-address-is-too-broad/?do=findComment&comment=152084

So it was a false alarm (after diggin' discovered that IP's were from website tracking and imaps).

Edited by Enrico
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...