Jump to content

Win32/Botnet.generic TCP Port Scan attack local network

Recommended Posts


Hoping someone out there will be able to help provide additional information to help track down if these reports are malicious or false positives. Recently we've been getting this notification (TCP Port Scan attack Win32/Botnet.generic). 

TCP port scan detected; Blocked;;; TCP; Win32/Botnet.generic

A TCP port scan was detected and blocked. The source IP addresses and ports scanned were and The malware detected was Win32/Botnet.generic.

Duplicate IP addresses detected in network; Blocked; [b0:95:75:12:03:5d]; [b0:95:75:12:16:13]; ARP


How to track and remove a threat.

For any information that may be able to help us identify this would be greatly appreciated! 

Link to comment
Share on other sites

  • Administrators

Couldn't it be that you have Windows Defernder APT installed or a penetration test was being performed when the detection occurred? Are you able to reproduce the detection?

Link to comment
Share on other sites

First,Win32/Botnet.generic is an Eset detection id.

7 hours ago, Marcos said:

penetration test was being performed when the detection occurred?

"My money" is on this event. Port 23 is used by Telnet which is not installed by default on Win 10/11. However, it can be installed by one of the methods listed in this article: https://www.makeuseof.com/enable-telnet-windows/ .

External scan attempts against port 23 are a common occurrence by hackers. Normally, such activity should be blocked by an external firewall; either on the router/gateway firewall, or by firewall appliance at network perimeter. 

Edited by itman
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...