I need a solution

Good day all,

I am facing a challenging task in my environment. I am continuously being notified with an alert; please find the alert details below.

computer: XXXX(workstation)

protocol direction: TCP inbound

remote host IP address: 192.X.X.X

Traffic initiated from the remote IP 192.X.X.X, which is in a class C subnet range and is a private IP, communicates towards our known workstation.

The signature triggered is OS: Microsoft SMB MS17-010.

The SEP client installed on that workstation blocked this traffic, so there is no impact, but we are unable to find the traffic initiated from the remote IP. Since we do not have any information about this IP and it is not the standard IP segment used in our environment, we are not able to trace this IP.

Any suggestions from your end would be highly helpful.

Thanks in advance.

