Hi,
With Avast Premium, I keep receiving messages that Avast has stopped another SMB BruteForce attack. I do the computer work for a small non-profit (volunteer) with only about 5 desktop computers, but with many wireless devices using the WiFi. We house residents for a low rent. The problems started a few months ago when a resident with VERY good skills (much more than I) left unhappily. Maybe it was just a coincidence? Anyway, the attacks were coming every few minutes and have slowly lessened over time, but it still concerns me. I will show a very small part of the log from a few days ago:
[2020-12-22 16:55:32.292] [info ] [nsf_rdp_mim] [ 3012: 1068] RdpFilterCtx.Connection [proto:SMB,ip:[fe80::1c97:80f5:aa6f:6580],port:52953,status:[control_granted],in_packet_nr:3,conn_id:30540]
[2020-12-22 16:56:35.526] [debug ] [nsf ] [ 3012: 2728] CDOHPlugin::onRequestHeaders - NOT preferred browser [C:\windows\system32\svchost.exe]
[2020-12-22 17:00:10.229] [info ] [nsf_rdp_mim] [ 3012: 2728] RdpFilterCtx.NewConnection [proto:SMB,ip:[fe80::1c97:80f5:aa6f:6580],port:52963,conn_id:30559]
[2020-12-22 17:00:10.229] [debug ] [nsf_rdp_mim] [ 3012: 2728] RdpFilterCtx.handleDetectionNotification [url:smb://fe80::1c97:80f5:aa6f:6580:52963]
[2020-12-22 17:00:10.276] [info ] [nsf_rdp_mim] [ 3012: 2728] RdpFilterCtx.Connection [proto:SMB,ip:[fe80::1c97:80f5:aa6f:6580],port:52963,status:[control_granted],in_packet_nr:3,conn_id:30559]
[2020-12-22 17:14:26.745] [debug ] [nsf ] [ 3012: 1068] CDOHPlugin::onRequestHeaders - NOT preferred browser [C:\program files\ccleaner\ccleaner64.exe]
Thanks, any help is appreciated.
