spc3rd
Posted March 23, 2016 (edited)

Good morning everyone,

I have observed the Troubleshooting Log shows an entry this morning (during the past hour) where ESS blocked 95 UDP inbound port scanning attempts all at once from IP address: 209.126.110.5. After the first block, ESS put the IP address in the temporary blacklist area. [screenshot attached below].

Checking the IP at Hosts-file.net shows it to be flagged red (malicious). The IP is apparently located in St. Louis, Missouri (USA). IPvoid, VirusTotal, and Senderbase did not flag the IP address, however.

My question: Is there any action I need to take, such as adding that IP address to the IDS Exceptions list to ensure any future inbound UDP port scanning attempts are blocked, logged, and I am notified?

Thank you for your time and any enlightenment!

Pete

Edited March 23, 2016 by spc3rd

TomFace
Posted March 23, 2016

Hello Pete.

Take a look at this KB article: hxxp://support.eset.com/kb2951/

spc3rd
Posted March 23, 2016

Hi Tom,

Thanks very much for the info link! If I'm understanding it correctly, then ESS will automatically continue to block any future such major port scanning attempts and I don't need to take any additional action. Sounds like a 'winner' to me!

Cheers!

Pete