SMB Relay Attack?

Discussion in 'ESET Smart Security' started by ftracy3, May 28, 2012.

Thread Status:
Not open for further replies.
  1. ftracy3

    ftracy3 Registered Member

    Joined:
    May 28, 2012
    Posts:
    1
    Location:
    USA
    Hi, I just installed a vpn client (privat.vpn)and while I run it I keep getting
    "Detected SMB Relay Attack" and the occasional (I'm paraphrasing) "Intrusion attempt worm/strasser"

    This is on a PC that is networked to several devices in my home (another PC, NAS, Media servers, game consoles), and running utorrent. The alerts stop when I disconnect from the vpn. Could these be false positives or should i be concerned? The VPN is a well-reviewed service so I'm surprised it would be causing trouble.

    I'm trying to submit to cut/paste a log but can't figure out how to do it..exporting the log file created a file that was too big to open. Anyway any advice will be appreciated. I was able to cut and paste below after doing a filter: (the x's are identical numbers in the IP address, which I don't recognize as on my system)

    5/28/2012 5:18:53 PM Detected SMB Relay attack Source: 1xx.xx.209.251:59226 Target:1xx.xx.209.152:445 TCP
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.