Jump to content

Recommended Posts

Posted

Dear All

Every day I received one message from ESET End Point Security regarding, A device  on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was block. After received this message my internet connection suddenly disconnect. After restart my Firewall it will work. As per my knowledge this message coming because of the duplicate IP address in my network. How I fix this issue. I have DHCP pool in my firewall. I think that pool is not working properly.  some time this message coming with default gateway IP. If I disable and enable DHCP pool from my firewall it can be fix this issue?

Thanks

Posted
1 hour ago, Kavishka Dilshan said:

I have DHCP pool in my firewall.

What do you mean here? Have you modified Eset defaul firewall rules for DHCP?

Posted
14 hours ago, itman said:

What do you mean here? Have you modified Eset defaul firewall rules for DHCP?

I mean DHCP pool in my fortgate Firewall

Posted (edited)
23 hours ago, Kavishka Dilshan said:

A device  on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was block.

Your device has been enrolled in a botnet. Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic

I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c . Ditto for any other Fortinet products you are using since numerous past vulnerabilities have been discovered: https://www.cvedetails.com/vulnerability-list/vendor_id-3080/Fortinet.html

Edited by itman
Posted
57 minutes ago, itman said:

Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic

I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c . Ditto for any other Fortinet products you are using since numerous past vulnerabilities have been discovered.

I received this message from so many IPes in my network. 

Posted
2 minutes ago, Kavishka Dilshan said:

I received this message from so many IPes in my network. 

Review the linked Eset article in detail. Of note;

  •  If the device functions as a router, it might not be infected itself but could be configured to forward malicious traffic to your network from external sources. We recommended reviewing the router settings
  • The possibly infected device is sending (or forwarding) malicious traffic to other devices in your local network
Posted (edited)
On 7/2/2024 at 10:01 AM, Kavishka Dilshan said:

Every day I received one message from ESET End Point Security regarding, A device  on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was block.

As per my knowledge this message coming because of the duplicate IP address in my network.

Post a screenshot of the Eset alert for the above.

If the alert is the same as shown in this Eset forum posting: https://forum.eset.com/topic/36808-duplicate-ip/ ;

image.png.8e7dc4422261b949010558ffb9e530f5.png

follow the mitigation procedure given in that posting.

Edited by itman
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...