JAVE 0 Posted 19 hours ago Share Posted 19 hours ago We noticed dozent of events every daily, majority are EsetIpBlacklist.B some are EsetIpBlacklist.A. Port 443 needs to be open, using WS2022 patched up2date, with ESET Server Security 11.0.12012.0 and ESET Management Agent 11.4.1107.0. How to solve this issue? Logs are getting filled only with this server reports. Thank you. Process name System Rule name Rule ID Hash Source address 172.169.206.50 Source port 36730 Target address 192.168.2.106 Target port 443 Inbound Communication yes Protocol TCP Action Blocked User Occurrences per minute 1 Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,306 Posted 18 hours ago Administrators Share Posted 18 hours ago The server is exposed to the Internet so it's normal that it's targeted by attacks. As for the mentioned IP address, according to https://ipthreat.net/ip/172.169.206.50?page=0: Are you running a web server there since port 443 is being attacked? Quote Link to comment Share on other sites More sharing options...
JAVE 0 Posted 15 hours ago Author Share Posted 15 hours ago Yes IIS i running basic web server, only 443 is opened for https, nothing else. Should i ignore this? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,306 Posted 12 hours ago Administrators Share Posted 12 hours ago I assume you could avoid logging these attacks by creating 2 IDS exceptions, one for EsetIpBlacklist.A and the other for EsetIpBlacklist.B detection that would have logging disabled: Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.