Author Topic: Bruteforce  (Read 509 times)

0 Members and 1 Guest are viewing this topic.

Offline carloshax

  • Newbie
  • *
  • Posts: 3
Bruteforce
« on: October 17, 2020, 12:44:04 PM »
I keep getting smb://41.242.56.55/BruteForce connection block messages, anyone know how i can stop this from happening

Thank You Carl

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67394
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Bruteforce
« Reply #1 on: October 17, 2020, 12:45:38 PM »
Hi Carl, post a screenshot.
Win 8.1 [x64] - Avast PremSec 20.9.2434.Beta#2 [UI.573] - CC 5.72 - EEK - FF ESR 78.4 [NS/AOS/uBO/PB] - TB 78.4 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32770
  • malware fighter
Re: Bruteforce
« Reply #2 on: October 17, 2020, 02:14:56 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline carloshax

  • Newbie
  • *
  • Posts: 3
Re: Bruteforce
« Reply #3 on: October 17, 2020, 03:05:14 PM »

Offline rocksteady

  • Advanced Poster
  • **
  • Posts: 885
Re: Bruteforce
« Reply #4 on: October 17, 2020, 03:54:04 PM »
@carloshax
Use "Attachments and other options" link under the text box to add screenshot to your message.
Some people do not wish to click on unknown web links to view them as external content.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32770
  • malware fighter
Re: Bruteforce
« Reply #5 on: October 17, 2020, 04:10:17 PM »
Hi carloshax,

rocksteady is right here, some folks may frown on the use of url shortener-links for obvious reasons.
Especially as they are given as "live" links.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline carloshax

  • Newbie
  • *
  • Posts: 3
Re: Bruteforce
« Reply #6 on: October 17, 2020, 05:31:48 PM »
Thank you attachment added

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67394
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Bruteforce
« Reply #7 on: October 18, 2020, 09:49:52 AM »
Hi Carl, that's the new Remote Access Shield. Read here: https://forum.avast.com/index.php?topic=235069.0
Win 8.1 [x64] - Avast PremSec 20.9.2434.Beta#2 [UI.573] - CC 5.72 - EEK - FF ESR 78.4 [NS/AOS/uBO/PB] - TB 78.4 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Jakub Dubovic

  • Avast team
  • Jr. Member
  • *
  • Posts: 33
Re: Bruteforce
« Reply #8 on: October 20, 2020, 12:49:55 AM »
I keep getting smb://41.242.56.55/BruteForce connection block messages, anyone know how i can stop this from happening

Thank You Carl

Hello Carl,

Thanks for the report.

The new version of the Remote Access Shield scans not only incoming RDP connections, but also incoming SMB connections. SMB protocol is another common attack vector.

As polonus posted:
Also read: https://www.abuseipdb.com/check/41.242.56.55
and here: https://phoenixnap.com/kb/prevent-brute-force-attacks

polonus

The IP address appears to belong to an attacker that tried to use the open SMB port on your computer (used by Windows to read and write files and perform other service requests to network devices) to gain access to it using a brute force attack - multiple consecutive connections with commonly used login credentials. When Avast detects multiple unsuccessful SMB connections over a period of time, it triggers the brute force attack detection and blocks the IP from future attempts.