Kavishka Dilshan, posted Tuesday at 02:01 PM:

Dear All,

Every day I receive one message from ESET Endpoint Security regarding: "A device on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was blocked." After receiving this message, my internet connection suddenly disconnects. After I restart my firewall, it works.

As per my knowledge, this message is coming because of a duplicate IP address in my network. How do I fix this issue? I have a DHCP pool in my firewall. I think that pool is not working properly. Sometimes this message comes with the default gateway IP. If I disable and enable the DHCP pool from my firewall, can it fix this issue?

Thanks

itman, posted Tuesday at 03:26 PM:

> 1 hour ago, Kavishka Dilshan said:
> I have a DHCP pool in my firewall.

What do you mean here? Have you modified Eset default firewall rules for DHCP?

Kavishka Dilshan, posted yesterday at 05:29 AM:

> 14 hours ago, itman said:
> What do you mean here? Have you modified Eset default firewall rules for DHCP?

I mean the DHCP pool in my FortiGate firewall.

itman, posted yesterday at 12:45 PM (edited yesterday at 01:37 PM by itman):

> 23 hours ago, Kavishka Dilshan said:
> A device on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was blocked.

Your device has been enrolled in a botnet. Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic

I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c. Ditto for any other Fortinet products you are using, since numerous past vulnerabilities have been discovered: https://www.cvedetails.com/vulnerability-list/vendor_id-3080/Fortinet.html

Kavishka Dilshan, posted yesterday at 01:49 PM:

> 57 minutes ago, itman said:
> Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic
> I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c. Ditto for any other Fortinet products you are using, since numerous past vulnerabilities have been discovered.

I received this message from so many IPs in my network.

itman, posted yesterday at 01:54 PM:

> 2 minutes ago, Kavishka Dilshan said:
> I received this message from so many IPs in my network.

Review the linked Eset article in detail. Of note:

- If the device functions as a router, it might not be infected itself but could be configured to forward malicious traffic to your network from external sources. We recommend reviewing the router settings.
- The possibly infected device is sending (or forwarding) malicious traffic to other devices in your local network.

itman, posted yesterday at 02:05 PM (edited yesterday at 05:41 PM by itman):

You can also try using Eset Network Inspector: https://help.eset.com/ees/11/en-US/idh_page_sysinspector.html?zoom_highlightsub=network+inspector to scan your network and identify if your router has been compromised.

-EDIT- Apologies, it appears Eset doesn't include Network Inspector feature in its Endpoint versions.

Kavishka Dilshan, posted 13 hours ago:

What do I need to do to rectify this issue?

itman, posted 2 hours ago (edited 2 hours ago by itman):

> On 7/2/2024 at 10:01 AM, Kavishka Dilshan said:
> Every day I receive one message from ESET Endpoint Security regarding: "A device on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was blocked." As per my knowledge, this message is coming because of a duplicate IP address in my network.

Post a screenshot of the Eset alert for the above. If the alert is the same as shown in this Eset forum posting: https://forum.eset.com/topic/36808-duplicate-ip/, follow the mitigation procedure given in that posting.