Enrico 3 Posted June 30, 2022 Posted June 30, 2022 From yesterday I'm having the following inbound blocked traffic logs: Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User 30/06/2022 10:47:33;No application listening on the port;Blocked;92.245.188.58:443;192.168.1.191:49718;TCP;;;0000000000000000000000000000000000000000; Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User 30/06/2022 13:17:28;No application listening on the port;Blocked;81.4.100.200:443;192.168.1.191:50315;TCP;;;0000000000000000000000000000000000000000; Could it be that my router has been infected with ZuoRAT?
itman 1,799 Posted June 30, 2022 Posted June 30, 2022 45 minutes ago, Enrico said: Could it be that my router has been infected with ZuoRAT? Possible. Do a hard reset on your router to set things back to default settings. Then monitor if the Eset Network log entries no longer appear.
Enrico 3 Posted June 30, 2022 Author Posted June 30, 2022 (edited) Thanks for the suggestion, I did a factory reset and then realized that I was using Marcos suggestion for the logs: https://forum.eset.com/topic/32651-web-access-protection-the-url-address-is-too-broad/?do=findComment&comment=152084 So it was a false alarm (after diggin' discovered that IP's were from website tracking and imaps). Edited June 30, 2022 by Enrico
Recommended Posts