Paulneedshelp (posted August 6, 2022):

I get many "Network threat blocked" pop-ups, almost once a day, sometimes several times a day, or sometimes once every second day, for like months now, usually from different IPs. I have no idea what this is, and I wonder why this is. Is it some hacker or something else? I guess ESET SMART SECURITY PREMIUM VERSION 15.2.11.0 blocks it and protects, but I wanna make sure it does that.

Here is what all the pop-ups say:

Network threat blocked
Security vulnerability exploitation attempt
A computer on the network tried to exploit a security vulnerability. This could allow attackers to gain control over your computer. The threat was blocked.
Change handling of this threat

And when I click "Change handling of this threat" it says this:

Network threat blocked
Security vulnerability exploitation attempt
A computer (192.241.219.20) on the network tried to exploit a security vulnerability. This could allow attackers to gain control over your computer. Unless you are sure that the detected threat is harmless it should be blocked.
Threat: EsetlpBlacklist
Remote address: 192.241.219.20
Continue blocking this type of threat?
Continue blocking / Allow
Notify only when this threat is blocked / Notify whenever this threat occurs / Do not notify

Marcos (Administrators, posted August 7, 2022):

By default attack attempts coming from the Internet should be blocked silently. Do you use default settings? Do you use a router with NAT?

itman (posted August 7, 2022, edited August 7, 2022 by itman):

This IP address, 192.241.219.20, is on numerous blacklists:

What the Eset detection is stating is that you have software, either Windows or application based, that has one or more vulnerabilities associated with it. What is happening is that a remote attacker originating from the shown IP address is attempting to exploit a vulnerability to gain access to your PC for malicious purposes.

Review your Eset Detection log for further details on this attack activity. The log entries should contain a CVE reference. You can look up this CVE reference on the Internet to find which software contains the vulnerability. You then need to apply the latest update available for this software to eliminate this remote exploit activity.

itman (posted August 7, 2022, edited August 7, 2022 by itman):

4 hours ago, Marcos said: "By default attack attempts coming from the Internet should be blocked silently"

From what I can determine, Eset hasn't blacklisted this IP address, 192.241.219.20.

Let's say the attacker has already set up a reverse shell, backdoor, etc. to connect to the IP address. Could this be the reason for the alerting versus silent blocking of the exploit activity?

Marcos (Administrators, posted August 7, 2022):

1 hour ago, itman said: "From what I can determine, Eset hasn't blacklisted this IP address, 192.241.219.20."

It's been blacklisted by Network protection since September 2020. Domains like zg-*-*.stretchoid.com resolve to it; many of them are referred to as spam addresses on the Internet.

Looking at https://www.abuseipdb.com/check/192.241.219.20, there are still many attacks performed from the IP address.

itman (posted August 7, 2022):

1 hour ago, Marcos said: "It's been blacklisted by Network protection since September 2020."

When I enter http://192.241.219.20 in a browser, Eset doesn't block it, although I can't connect. Likewise, if the above was done via a reverse shell, would Eset detect it?

Paulneedshelp (author, posted August 7, 2022):

Hi Marcos and itman, thanks so much for responding to my post. So essentially I have Verizon Fios internet and I was just curious about how it worked, so I connected my PC to my optical network terminal (ONT, as Verizon calls it), and that's when I started getting these Network threat blocked but with different IP addresses. So I really just want to know: how do I stop these network threat blocked pop-ups? I'm just really, really curious.

itman (posted August 7, 2022, edited August 7, 2022 by itman):

2 hours ago, Paulneedshelp said: "I have Verizon Fios internet and I was just curious about how it worked, so I connected my PC to my optical network terminal (ONT, as Verizon calls it), and that's when I started getting these Network threat blocked but with different IP addresses"

Based on this Verizon forum article about FIOS: https://forums.verizon.com/t5/fios-internet/to-modem-or-not-to-modem-that-is-the-question/m-p/901134, a typical home network setup includes the ONT, a router, and one or more TV set-top boxes (devices).

It appears that in a Verizon FIOS setup, the ONT device is actually a stand-alone gateway, versus other ISPs who package the router and gateway within a single device.

It appears something is not properly configured on the Verizon router. It should have a built-in firewall that is supposed to block unsolicited inbound Internet traffic.

I would start by contacting Verizon tech support and have them verify your router is functioning properly and is also properly configured.