Kavishka Dilshan 0 Posted July 2

Dear All,

Every day I receive one message from ESET End Point Security regarding: A device on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was blocked.

After receiving this message, my internet connection suddenly disconnects. After I restart my firewall, it works.

As per my knowledge, this message is coming because of a duplicate IP address in my network. How do I fix this issue?

I have a DHCP pool in my firewall. I think that pool is not working properly. Sometimes this message comes with the default gateway IP. If I disable and enable the DHCP pool from my firewall, can it fix this issue?

Thanks

itman 1,808 Posted July 2

1 hour ago, Kavishka Dilshan said:
> I have DHCP pool in my firewall.

What do you mean here? Have you modified Eset default firewall rules for DHCP?

Kavishka Dilshan 0 Posted July 3 (Author)

14 hours ago, itman said:
> What do you mean here? Have you modified Eset default firewall rules for DHCP?

I mean the DHCP pool in my FortiGate firewall.

itman 1,808 Posted July 3 (edited)

23 hours ago, Kavishka Dilshan said:
> A device on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was blocked.

Your device has been enrolled in a botnet. Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic

I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c . Ditto for any other Fortinet products you are using since numerous past vulnerabilities have been discovered: https://www.cvedetails.com/vulnerability-list/vendor_id-3080/Fortinet.html

Edited July 3 by itman

Kavishka Dilshan 0 Posted July 3 (Author)

57 minutes ago, itman said:
> Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic
> I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c . Ditto for any other Fortinet products you are using since numerous past vulnerabilities have been discovered.

I received this message from so many IPs in my network.

itman 1,808 Posted July 3

2 minutes ago, Kavishka Dilshan said:
> I received this message from so many IPs in my network.

Review the linked Eset article in detail. Of note:

> If the device functions as a router, it might not be infected itself but could be configured to forward malicious traffic to your network from external sources. We recommended reviewing the router settings

> The possibly infected device is sending (or forwarding) malicious traffic to other devices in your local network

itman 1,808 Posted July 3 (edited)

You can also try using Eset Network Inspector: https://help.eset.com/ees/11/en-US/idh_page_sysinspector.html?zoom_highlightsub=network+inspector to scan your network and identify if your router has been compromised.

-EDIT- Apologies, it appears Eset doesn't include the Network Inspector feature in its Endpoint versions.

Edited July 3 by itman

itman 1,808 Posted July 4 (edited)

On 7/2/2024 at 10:01 AM, Kavishka Dilshan said:
> Every day I receive one message from ESET End Point Security regarding: A device on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was blocked. As per my knowledge, this message is coming because of a duplicate IP address in my network.

Post a screenshot of the Eset alert for the above. If the alert is the same as shown in this Eset forum posting: https://forum.eset.com/topic/36808-duplicate-ip/ , follow the mitigation procedure given in that posting.

Edited July 4 by itman