Jump to content
Login with your Gmail HERE and start posting in seconds! ×

Avast warning

Anthony5

By Anthony5
in IT and Computers

 Share

Recommended Posts

Anthony5 Platinum Member

Anthony5

Posted
Posted

I have Avast free version, 360 Total security and Malwarebytes registered version installed.

Avast gives me every 10 minutes a warning that says something like 202.171.255.69 / miserupdate..

Type : Mal

More I can not see in the pop=up.

When I click on "more info" I get a screen that doesn't give me any more info.

I have scanned with malwarebytes and avast, and get nothing detected.

Time to uninstall Avast?

Link to comment
Share on other sites
faraday Platinum Member

faraday

Posted
Posted

Hmmm...I have also recently got the trial version of Avast.

I do wonder if some of these 'free trials' detect Malware or Virus's that don't really exist, so the consumer thinks how wonderful the s/w is & then buys an upgrade.

Guess the point I'm making in your case is maybe the 'Mal' is just a ploy....?

I always use AVG & have done for some years, but I recently got several VIrus attacks & wanted to be sure they'd been deleted....which is why I installed Avast.

Link to comment
Share on other sites
Tywais Star Member

Tywais

Posted
Posted

That IP in the OP also gives me a warning. The site resolves to Macau and possibly an attack site or malware infested website. It's triggering on the IP and not on something on your computer so a scan wouldn't show it.

Link to comment
Share on other sites
RichCor Platinum Member

RichCor

Posted
Posted

That IP address (reportedly based in Macau) has been reported by other Intrusion Detection Systems: ET INFO Exectuable Download from dotted-quad Host

Have you been trying to download something, or have you recently downloaded *something* that, in turn, is trying to let in its little friends?

Link to comment
Share on other sites
Anthony5 Platinum Member

Anthony5

Posted
  • Author
Posted

That IP address (reportedly based in Macau) has been reported by other Intrusion Detection Systems: ET INFO Exectuable Download from dotted-quad Host

Have you been trying to download something, or have you recently downloaded *something* that, in turn, is trying to let in its little friends?

I don't recall anything that could be a suspicious download, but if so I think Malwarebytes should find it.

Now ho can I get rid of this warning that pops up every 15 minutes?

Link to comment
Share on other sites
RichCor Platinum Member

RichCor

Posted
Posted

I think it's odd that your PC is even reporting that -- why are the packets making it that far, why aren't they stopped at the router?

I know you're on a 3G connection, but the 3G router should be preventing unrequested packets being conveyed to your LAN/WLAN

... and if it's warning you every 10-15 minutes of a detection then either:

a PORT is opened on the Router, or

something on your PC is opening up a PORT via UPnP, or

something is actively making a request (and the Macau IP address is responding).

Link to comment
Share on other sites
Anthony5 Platinum Member

Anthony5

Posted
  • Author
Posted

I think it's odd that your PC is even reporting that -- why are the packets making it that far, why aren't they stopped at the router?

I know you're on a 3G connection, but the 3G router should be preventing unrequested packets being conveyed to your LAN/WLAN

... and if it's warning you every 10-15 minutes of a detection then either:

a PORT is opened on the Router, or

something on your PC is opening up a PORT via UPnP, or

something is actively making a request (and the Macau IP address is responding).

Firewall on the router is enabled, and included are my Dos settings.How can I check if a port is open. Should I disable UPnP?

This evening I have had the pop up warning only once, shortly after I started up, and have reported it as a false possitive.

I know I shouldn't have done this, but I'm sure that can not have an effect yet.

post-222439-0-66623300-1435673336_thumb.post-222439-0-85135400-1435673337_thumb.

Link to comment
Share on other sites
RichCor Platinum Member

RichCor

Posted
Posted

As you may know, UPnP is used to open ports on a router by applications running on a PC, usually P2P (Torrent, Fileshare, VNC, Security Cameras, VoIP apps, etc ) and redirect all incoming packets on that port(s) that aren't otherwise filtered so they come direct to that device.

While the PC app/service (via UPnP) requests the router port be held open, any outside influence can try sending packets directed at that open port.

I'm not sure if this is what's happening, but if you don't have need for UPnP then it should be disabled.

Your router's DoS (Denial of Service) detection is set to block port scans (by blocking/ignoring packets detected coming to successive ports). But if an attacker already knows about the open port then the router security defense is never triggered.

If you can find the AVAST log, see if there's any additional info on what it is (or was) detecting.

Also see if you can 'clear' or remove that ignore as false positive entry.

Link to comment
Share on other sites
Anthony5 Platinum Member

Anthony5

Posted
  • Author
Posted (edited)

It seems to be related to Alibaba, the biggest scam e-commerce site on earth.

https://www.virustotal.com/en/domain/miserupdate.aliyun.com/information/

I have always been wary about Alibaba, but sometimes you want to connect to a seller on Aliexpress and need to install the Alibaba messenger.

I have opened the messenger this morning.

Avast seems to have no log from restricted access, only update log and virus chest, and when I clicked on the pop up it didn't have any information

Edited by Anthony5
Link to comment
Share on other sites
mmh8 Advanced Member

mmh8

Posted
Posted

I had issues with avast at some point. I recommend use the one that comes free with windows - if you are a windows user- a bit of googling also try herd protect in addition to the malware bytes you are using. the other problematic was is anything to do with badu and avg

Link to comment
Share on other sites
Anthony5 Platinum Member

Anthony5

Posted
  • Author
Posted

As you may know, UPnP is used to open ports on a router by applications running on a PC, usually P2P (Torrent, Fileshare, VNC, Security Cameras, VoIP apps, etc ) and redirect all incoming packets on that port(s) that aren't otherwise filtered so they come direct to that device.

While the PC app/service (via UPnP) requests the router port be held open, any outside influence can try sending packets directed at that open port.

I'm not sure if this is what's happening, but if you don't have need for UPnP then it should be disabled.

Your router's DoS (Denial of Service) detection is set to block port scans (by blocking/ignoring packets detected coming to successive ports). But if an attacker already knows about the open port then the router security defense is never triggered.

If you can find the AVAST log, see if there's any additional info on what it is (or was) detecting.

Also see if you can 'clear' or remove that ignore as false positive entry.

I occasionally download a torrent, but after I close the Torrent agent the router software closes the opened port, or not?

Link to comment
Share on other sites
RichCor Platinum Member

RichCor

Posted
Posted

UPnP allows a zero config solution for NAT traversal via the Internet Gateway Device Protocol (IGD Protocol). With UPnP enabled on the router, an Ethernet connected device can, via software, instantly fetch and enumerate existing router port mappings, and add or remove port mappings. By adding a port mapping, a UPnP controller behind the IGD can enable traversal of the IGD from an external address to an internal client. (Wikipedia text)

With UPnP enabled, any app can do this without any router name/pass authentication and no prompted authorization or notice to you.

From a security standpoint, it's recommended that you configure fixed open ports on your router using matching ports in those application that require them. Leave it configured, even if there's not a application on the target machine running/actively listening to that port for traffic most of the time. This is far safer than letting any Tom, Dick, or Harry app open ports at will

Here's a 2013 article on the issue.

Universal Plug and Play has always had security holes. Here's how to plug them.
ZDNET | By Steven J. Vaughan-Nichols for Networking | January 30, 2013
Link to comment
Share on other sites
RichCor Platinum Member

RichCor

Posted
Posted

Just noticed from your logs posted in the other thread, your security cameras (3,5,7) are using UPnP IGD to open and immediately close external port 8000.

I find it interesting that they're all trying to control/redirect the same port, as they're supposed to operate on different ports to provide external control.

Link to comment
Share on other sites
Anthony5 Platinum Member

Anthony5

Posted
  • Author
Posted

Just noticed from your logs posted in the other thread, your security cameras (3,5,7) are using UPnP IGD to open and immediately close external port 8000.

I find it interesting that they're all trying to control/redirect the same port, as they're supposed to operate on different ports to provide external control.

I don't exactly understand your remark, but yes they're all set to the same port 8000, but DDNS is not enabled because since my network is on a 3G connection, I'm not able to connect to them from outside anyway.

Link to comment
Share on other sites
RichCor Platinum Member

RichCor

Posted
Posted

Not important. It's just another device utilizing UPnP service on your router to have ports opened, but then it immediately closes them.

If the router was issued a Public Facing Internet IP Address then to work properly each security camera would need to request a unique Port number be opened to provide individual access (unless some 'gang/group' method allowed one camera to control all the others on the same LAN).

You could always disable the port request service on the cameras. It's just unnecessary LAN traffic and UPnP requests.

No issue/error is being generated by them trying. So not really important.

Link to comment
Share on other sites
Anthony5 Platinum Member

Anthony5

Posted
  • Author
Posted (edited)

Not important. It's just another device utilizing UPnP service on your router to have ports opened, but then it immediately closes them.

If the router was issued a Public Facing Internet IP Address then to work properly each security camera would need to request a unique Port number be opened to provide individual access (unless some 'gang/group' method allowed one camera to control all the others on the same LAN).

You could always disable the port request service on the cameras. It's just unnecessary LAN traffic and UPnP requests.

No issue/error is being generated by them trying. So not really important.

How do I disable this in the camera?

By disabling UPnP?

A reason this may happen is because the cameras are set to reboot every 12 hours, as I had some disconnections in the past and would only notice when I view the camera.

Edited by Anthony5
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.










×
×
  • Create New...