IAM - Host launches DoS attack against external network

syedjahanzaib Lv1Posted 22 Nov 2022 13:36

I am seeing few alerts from my trusted workstations (which have updated antivirus / antimalware installed)

PFA atached image.

Time:11-18 14:08:42
Username:
10.11.18.19
Group:
-
Protocol:UDP
URL/Directory:
-
Src IP:
10.11.18.19
Src Port:64167
Dst IP:
224.0.0.252
Dst Port:5355
Threat Level:High
Action:Alert
Description:
Host launches DoS attack against external network.

Seems False. Is it ok to Ignore these alerts? Or howto rectify them?

66046637c5effb4f00.png (57.75 KB, Downloads: 625)

66046637c5effb4f00.png

dosattack.png (52.43 KB, Downloads: 611)

dos attack

dos attack

Naomi has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

This is a false positive.
Is this answer helpful?
Draiden Lv2Posted 22 Nov 2022 14:24
  
False Positive.. Someone from your workstation patching a game?
syedjahanzaib Lv1Posted 22 Nov 2022 16:18
  
I am positive there is no such application is installed on the workstation as its used by myself. none of any unknown app is installed in the system.
Newbie733093 Lv1Posted 22 Nov 2022 18:56
  
nice post friend
rivsy Lv5Posted 23 Nov 2022 09:11
  
Just fine to me as of my experience maybe you can check the install application on the workstation to find the main reason for this. But usually as of my experience it is some times a application is updating and my wierdest is my cloud storage that is updating the backup cause the alerts
Fitz_IAG Lv2Posted 23 Nov 2022 10:06
  
Hi, usually, UDP flooding is detected for certain reasons. We suggest you check the device carefully first. And if you trust this device very much, you can add it to the trust list.

Xnip2022-11-23_09-54-08.jpg (149.49 KB, Downloads: 574)

Xnip2022-11-23_09-54-08.jpg
RegiBoy Lv5Posted 28 Nov 2022 10:42
  
It can be a malware that contacting the C&C Server and DDOS
Naomi Posted 28 Nov 2022 10:44
  
This is a false positive.
Rhebie Lv3Posted 28 Nov 2022 10:46
  
It's maybe a false positive.
NeTSec Lv3Posted 28 Nov 2022 10:48
  
It is a patching of games

I Can Help:

Change

Moderator on This Board

1
3
5

Started Topics

Followers

Follow

Board Leaders