Jump to content

NT Kernel & System (Constant attempts to connect from a remote IP address, ICMP protocol)

molojavy
 Share
Go to solution Solved by itman,

Recommended Posts

itman

itman 1,630

Posted
Posted (edited)

Strange that what appears to be a residential ISP provider in Thailand is pinging you;

Eset_ISP_1.thumb.png.6c0dd014fd2fcd418aed9ac74d2d9f87.png

Eset_ISP_2.thumb.png.09d425efb87224d275d4ee9b46548536.png

Also, your router firewall should be blocking this ping activity on the WAN-side of the router.

Edited by itman
Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted
3 hours ago, itman said:

Strange that what appears to be a residential ISP provider in Thailand is pinging you;

Eset_ISP_1.thumb.png.6c0dd014fd2fcd418aed9ac74d2d9f87.png

Eset_ISP_2.thumb.png.09d425efb87224d275d4ee9b46548536.png

Also, your router firewall should be blocking this ping activity on the WAN-side of the router.

This is really strange, thats why im asking for help or opinion. My first thought was that i have a reverse shell or something like that... But im not specialist at stuff like that...

Link to comment
Share on other sites
  • Solution
itman

itman 1,630

Posted
  • Solution
Posted (edited)

Since Eset is blocking inbound ping activity, I would say you're not infected.

Also, ping activity from external sources is expected since hackers are always looking for targets. Again, you should check out your router firewall and make sure its configured properly. It it where you want this ping activity to be dropped at.

Edited by itman
Link to comment
Share on other sites
itman

itman 1,630

Posted
Posted (edited)

You might also be the target of a Ping (ICMP) Flood attack: https://www.radware.com/security/ddos-knowledge-center/ddospedia/icmp-flood/ since you state this activity is occurring on a continuing basis.

Eset IDS doesn't detect this attack as best as I can determine. Again, most router firewalls should. You can create an Eset firewall rule to block all inbound network traffic from remote IP address,1.0.168.192. However, this won't prevent your network bandwidth being saturated with these requests.

Edited by itman
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,935

Posted
  • Administrators
Posted

By the way, you are using a license from Sri Lanka which was misused and is one of those that were seen sold to numerous users, typically for a dumping price. I'd suggest contacting the seller, asking for a refund and purchasing a regular license from an authorized ESET distributor or reseller.

Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted
6 minutes ago, Marcos said:

By the way, you are using a license from Sri Lanka which was misused and is one of those that were seen sold to numerous users, typically for a dumping price. I'd suggest contacting the seller, asking for a refund and purchasing a regular license from an authorized ESET distributor or reseller.

Thanks for the information.

Do i have no right to use it? Am i gonna loose my license now?

 

Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted
22 minutes ago, Marcos said:

By the way, you are using a license from Sri Lanka which was misused and is one of those that were seen sold to numerous users, typically for a dumping price. I'd suggest contacting the seller, asking for a refund and purchasing a regular license from an authorized ESET distributor or reseller.

May I ask you to provide me a additional information about the licence issue? Because i would like to clear this situation. And any official information from ESET gonna help me.

Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted
7 minutes ago, Marcos said:

The license is registered to  from Sri Lanka.

Many thanks for your time. Just one last question, are we talking about license until 13.10.2024? One year/One PC?

 

And im really sorry for asking so many questions.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,935

Posted
  • Administrators
Posted

Yes, the public license ID: 3A9-AN4-VSH, reseller: DCS International Private Limited (shop.eset.lk), expiration date: 10/13/2024. Registered to person: Sxxxxxh Gxxxxxi

Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted
2 minutes ago, Marcos said:

Yes, the public license ID: 3A9-AN4-VSH, reseller: DCS International Private Limited (shop.eset.lk), expiration date: 10/13/2024.

Many thanks, i already issued a refund.

Do you need the seller information, or copy of my transaction?

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,935

Posted
  • Administrators
Posted

Yes, you can provide information about the seller. It's possible that their website is blocked by ESET.

Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted
1 minute ago, Marcos said:

Yes, you can provide information about the seller. It's possible that their website is blocked by ESET.

Sure, i need a couple of minutes to make all screenshots and prepare some links.

Link to comment
Share on other sites
itman

itman 1,630

Posted
Posted (edited)
30 minutes ago, Marcos said:

It's possible that their website is blocked by ESET

This web site, shop.eset.lk, is not blocked by Eset.

What is interesting is Sir Lanka link from Eset authorized partner web site won't render in Firefox.

Edited by itman
Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted
3 minutes ago, itman said:

The "give away" on this web site is the price; way to low, and that the license is not region locked.

Yeah... This was my first and last time been so stupid and purchase on this kind of sites...

Link to comment
Share on other sites
molojavy

molojavy 0

Posted
  • Author
Posted (edited)
46 minutes ago, Marcos said:

Yes, you can provide information about the seller. It's possible that their website is blocked by ESET.

Sir, can I kindly ask you to provide me a trial licence as an exception until my case is clear? Because I need to delete this stolen licence from my account.

Edited by molojavy
Misspellings
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,935

Posted
  • Administrators
Posted
4 hours ago, itman said:

This web site, shop.eset.lk, is not blocked by Eset.

This belongs to an authorized distributor and it's the issuer of the license, not the seller.

Kinguin.net is an online market where virtually everybody can sell goods. It's not a website that would sell ESET and other software directly.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,935

Posted
  • Administrators
Posted
3 hours ago, molojavy said:

Sir, can I kindly ask you to provide me a trial licence as an exception until my case is clear? Because I need to delete this stolen licence from my account.

It is possible to activate a fully functional 30-day trial license after installation which you can use in the mean time.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...