Jump to content

Security vulnerability exploitation attempt source is internal exchange address


Recommended Posts

I have two entries in my network protection log where the source is my internal ip for the exchange server - port 25 - user NTAuthority - application frontendtransport. I have run a scan and it is clean. How do I track this down?

Link to comment
Share on other sites

  • Administrators

I assume those IP addresses are not known to you, are they? They are swapped in the log which is a known bug and will be fixed soon.

Link to comment
Share on other sites

  • Administrators
6 minutes ago, Michelle911 said:

No those IP addresses are not known to me. It's alarming to see my machine as the source!

As I wrote, your server is not the source and it's just that the IP addresses are swapped in the log for this particular detection. ESET detected and blocked exploitation attempts from those IP addresses.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...