  1. #1
    Untanglit
    Join Date
    Jan 2008
    Posts
    22

    Fsecure detected inbound malware probe from Untangle's IP?

    Hi,

    Fsecure installed on an XP Pro machine has blocked the following traffic from Untangle's IP:

    Direction: Inbound
    Protocol: TCP
    Services: Malware - Bagle.Y in
    Remote port: 9512
    Local port: 2535

    The Internet disconnected shortly after this warning.

    I take it the IP source is the Untangle server's IP as the packets travel through it?

    I have checked the Untangle logs for viruses and attempted intrusions although nothing is logged.

    Any ideas?

    Chris.

  2. #2
    Master Untangler Lee Sharp
    Join Date
    Feb 2008
    Location
    Houston, TX
    Posts
    411

    Three possibilities.
    1) Malware not in the Untangle definitions yet. Something scanned and passed would seem to come from the server.
    2) False positive from Fsecure. Something scanned and passed would still seem to come from the server.
    3) Compromised Untangle server. It could really be the server. This is less likely but possible. It gets very unlikely if Untangle is not your only internet-facing firewall. (If it is a bridge behind a firewall.)

    I placed them in order of likelihood, in my opinion.
