Security alerts from ios device

Hello,

Some time ago I began getting messages from my UTM9 like the following two:

2018:05:09-07:53:21 lyra snort[17243]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="EXPLOIT-KIT Rig Exploit Kit redirection attempt" group="500" srcip="88.208.20.24" dstip="172.16.28.11" proto="6" srcport="80" dstport="53601" sid="43217" class="A Network Trojan was Detected" priority="1" generator="1" msgid="0"

2018:05:09-08:26:01 lyra ulogd[8476]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="wlan0" srcmac="80:ce:05:7b:74:57" dstmac="00:1a:9c:0a:a5:00" srcip="172.16.28.11" dstip="172.16.28.1" proto="1" length="1376" tos="0x00" prec="0x00" ttl="64" type="8" code="0"

The alerts only come up when I use Safari (any site) on my iPhone or iPad.

The IP 172.16.28.11 is my iPhone.

With the first alert comes the information that it is coming from IP 88.208.20.24, which is a company in the Netherlands. Some internet sites are hosted on this IP, all with pornographic content. That much I have found out so far.

I would appreciate some advice here.
Regards
Patrick


  • Hi,

    Looking at the log lines, the UTM is simply dropping malicious traffic and an ICMP flood attempt. If your observation tells you that this occurs during the time you use Safari, then you must get the devices scanned. Alongside, make sure the UTM's patterns are up2date. 

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.
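Added example, not from the thread or from Sophos: a small Python parser for the key="value" format of the two posted lines, plus a triage step that separates the two cases. In the first line the phone is the destination and the remote side answers from TCP port 80, so the dropped packet is a web server's reply to something the browser requested; in the second the phone is the source and ICMP type 8 is an echo request, so the phone itself is the sender. The LOCAL_PREFIX value is an assumption taken from the addresses in the thread.

```python
import re

# The two UTM9 IPS lines posted in the thread (snort drop, then ulogd ICMP flood notice).
SAMPLE_LINES = [
    '2018:05:09-07:53:21 lyra snort[17243]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="EXPLOIT-KIT Rig Exploit Kit redirection attempt" group="500" srcip="88.208.20.24" dstip="172.16.28.11" proto="6" srcport="80" dstport="53601" sid="43217" class="A Network Trojan was Detected" priority="1" generator="1" msgid="0"',
    '2018:05:09-08:26:01 lyra ulogd[8476]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="wlan0" srcmac="80:ce:05:7b:74:57" dstmac="00:1a:9c:0a:a5:00" srcip="172.16.28.11" dstip="172.16.28.1" proto="1" length="1376" tos="0x00" prec="0x00" ttl="64" type="8" code="0"',
]

# Assumed from the addresses in the thread: the poster's LAN.
LOCAL_PREFIX = "172.16.28."

HEADER_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_utm_line(line):
    """Split a UTM9 syslog line into its header fields plus every key="value" pair."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a UTM log line: " + line[:40])
    fields = m.groupdict()
    fields.update(KV_RE.findall(fields.pop("rest")))
    return fields


def triage(lines):
    """Work out, per alert, which LAN host is involved and who initiated the traffic."""
    results = []
    for line in lines:
        f = parse_utm_line(line)
        src_local = f["srcip"].startswith(LOCAL_PREFIX)
        local_host = f["srcip"] if src_local else f["dstip"]
        peer = f["dstip"] if src_local else f["srcip"]
        if not src_local and f.get("proto") == "6" and f.get("srcport") == "80":
            # TCP from remote port 80: a web server's reply to a request the LAN client made.
            direction, note = "inbound-response", "reply to a fetch started by the local client"
        elif src_local and f.get("proto") == "1" and f.get("type") == "8":
            # ICMP type 8 is echo request: the LAN host itself is the sender.
            direction, note = "outbound", "local host sending echo requests"
        elif src_local:
            direction, note = "outbound", "local host is the sender"
        else:
            direction, note = "inbound", "remote host is the sender"
        results.append({"ts": f["ts"], "name": f["name"], "action": f["action"],
                        "local_host": local_host, "peer": peer, "direction": direction, "note": note})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        print(f"{r['ts']} {r['name']!r} {r['direction']:>16} local={r['local_host']} peer={r['peer']} ({r['note']})")
```

Run against a larger export of the IPS log, the same triage tells you whether a given LAN host is the initiator of the flagged traffic or merely the recipient of a blocked response.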
