Network threat blocked (different IP)

[Paulneedshelp 0]

 

I get many Network threat blocked pop-ups every day almost once in a day, sometimes several times a day, or sometimes once every second day
for like months now from usually different ips

 I have no idea what this is?
and i wonder why this is? Is it some hacker or something else?

I guess ESET SMART SECURITY PREMIUM VERSION 15.2.11.0 blocks it and protects but i wanna make sure it does that?

Here is what all the pop-ups say Network threat blocked
Security vulnerability exploitation attempt
A computer on the network tried to exploit a security
vulnerability. This could allow attackers to gain control
over your computer.
The threat was blocked.
Change handling of this threat

and when I click change handling of this threat

it says this Network threat blocked
Security vulnerability exploitation attempt
A computer (192.241.219.20) on the network tried to exploit a security vulnerability. This
could allow attackers to gain control over your computer.
Unless you are sure that the detected threat is harmless it should be blocked.
Threat:
EsetlpBlacklist
Remote address:
192.241.219.20
Continue blocking this type of threat?
Continue blocking
 Allow
Notify only when this threat is blocked
Notify whenever this threat occurs
 Do not notify

[Marcos 5,074]

By default attack attempts coming from the Internet should be blocked silently. Do you use default settings? Do you use a router with NAT?

[itman 1,659]

This IP address, 192.241.219.20, is on numerous blacklists:

What the Eset detection is stating is you have software; either Windows or application based, that has one or more vulnerabilities associated with it. What is happening is a remote attacker originating from the shown IP address is attempted to exploit a vulnerability to gain access to your PC for malicious purposes.

Review your Eset Detection log for further details on this attack activity. The log entries should contain a CVE reference. You can lookup this CVE reference on the Internet to find which software contains the vulnerability. You then need to apply the latest update available for this software to eliminate this remote exploit activity.

Edited August 7, 2022 by itman

[itman 1,659]

4 hours ago, Marcos said:

By default attack attempts coming from the Internet should be blocked silently

From what I can determine, Eset hasn't blacklisted this IP address, 192.241.219.20.

Let's say the attacker has already set up a reverse shell, backdoor, etc. to connect to the IP address. Could this be the reason for the alerting versus silent blocking of the exploit activity?

Edited August 7, 2022 by itman

[Marcos 5,074]

1 hour ago, itman said:

From what I can determine, Eset hasn't blacklisted this IP address, 192.241.219.20.

It's been blacklisted by Network protection since September 2020.  Domains like zg-*-*.stretchoid.com resolve to it, many of them are referred to as spam addresses on the Internet.

Looking at https://www.abuseipdb.com/check/192.241.219.20, there are still many attacks performed from the IP address.

[itman 1,659]

1 hour ago, Marcos said:

It's been blacklisted by Network protection since September 2020. 

When I enter http://192.241.219.20 in  a browser, Eset doesn't block it although I can't connect.

Likewise if the above was done via a reverse shell, would Eset detect it?

[Paulneedshelp 0]

Hi Marcos and itman thanks so much for responding to my post so essentially I have Verizon fios internet and I was just curious about how it worked so I connected my pc to my optical network terminal ont as Verizon calls it and that’s when I stated getting these Network threat blocked but with different IP addresss

so I really just want to know how do I stop these network threat blocked pop-ups 

im just really really curious 

[itman 1,659]

2 hours ago, Paulneedshelp said:

I have Verizon fios internet and I was just curious about how it worked so I connected my pc to my optical network terminal ont as Verizon calls it and that’s when I stated getting these Network threat blocked but with different IP addresss

Based on this Version forum article about FIOS: https://forums.verizon.com/t5/fios-internet/to-modem-or-not-to-modem-that-is-the-question/m-p/901134, a typical home network setup includes the ONT, a router, and one or more TV set-top boxes (devices.)

Appears in a Verizon FIOS setup, the ONT device is actually a stand-alone gateway versus other ISP's who package the router and gateway within a single device.

It appears something is not properly configured on the Verizon router. It should have a built-in firewall that is supposed to block unsolicited inbound Internet traffic. I would start by contacting Verizon tech support and have them verify your router is functioning properly and is also properly configured.

Edited August 7, 2022 by itman