Enrico 3 Posted June 30, 2022 Share Posted June 30, 2022 From yesterday I'm having the following inbound blocked traffic logs: Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User 30/06/2022 10:47:33;No application listening on the port;Blocked;92.245.188.58:443;192.168.1.191:49718;TCP;;;0000000000000000000000000000000000000000; Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User 30/06/2022 13:17:28;No application listening on the port;Blocked;81.4.100.200:443;192.168.1.191:50315;TCP;;;0000000000000000000000000000000000000000; Could it be that my router has been infected with ZuoRAT? Link to comment Share on other sites More sharing options...
itman 1,741 Posted June 30, 2022 Share Posted June 30, 2022 45 minutes ago, Enrico said: Could it be that my router has been infected with ZuoRAT? Possible. Do a hard reset on your router to set things back to default settings. Then monitor if the Eset Network log entries no longer appear. Link to comment Share on other sites More sharing options...
Enrico 3 Posted June 30, 2022 Author Share Posted June 30, 2022 (edited) Thanks for the suggestion, I did a factory reset and then realized that I was using Marcos suggestion for the logs: https://forum.eset.com/topic/32651-web-access-protection-the-url-address-is-too-broad/?do=findComment&comment=152084 So it was a false alarm (after diggin' discovered that IP's were from website tracking and imaps). Edited June 30, 2022 by Enrico Link to comment Share on other sites More sharing options...
Recommended Posts