Jump to content

t3chr0b0t

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. On my Windows Server 2012 R2 machine, Malware Bytes is picking up incoming attempts from malware, riskware, etc. It happens a few times per day and they are always inbound. The IP addresses differ each time, but they are consistently trying port 389 and lsass.exe. They have also tried port 53 and dns.exe. I have both ports blocked in the firewall on the server and have my router firewall enabled. This started happening after a thwarted randomware attack with a virus spread from a laptop connecting to the server via VPN. Everything has been thoroughly scrubbed. The drive that had the encrypted files was formatted and the files were restored from a clean cloud backup. However, I can't for the life of me figure out why I keep seeing these incoming attempts. Is it because this server is now "on the radar" of the attackers, so they just keeping trying automatically?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.