SMB Relay Attack?

Discussion in 'ESET Smart Security' started by ftracy3, May 28, 2012.

Thread Status:
Not open for further replies.
  1. ftracy3

    ftracy3 Registered Member

    Joined:
    May 28, 2012
    Posts:
    1
    Location:
    USA
    Hi, I just installed a vpn client (privat.vpn)and while I run it I keep getting
    "Detected SMB Relay Attack" and the occasional (I'm paraphrasing) "Intrusion attempt worm/strasser"

    This is on a PC that is networked to several devices in my home (another PC, NAS, Media servers, game consoles), and running utorrent. The alerts stop when I disconnect from the vpn. Could these be false positives or should i be concerned? The VPN is a well-reviewed service so I'm surprised it would be causing trouble.

    I'm trying to submit to cut/paste a log but can't figure out how to do it..exporting the log file created a file that was too big to open. Anyway any advice will be appreciated. I was able to cut and paste below after doing a filter: (the x's are identical numbers in the IP address, which I don't recognize as on my system)

    5/28/2012 5:18:53 PM Detected SMB Relay attack Source: 1xx.xx.209.251:59226 Target:1xx.xx.209.152:445 TCP
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
Thread Status:
Not open for further replies.