Virus scan alerts & intrusion attempts - Real?

DTDC

n3wb
Joined
Mar 5, 2019
Messages
18
Reaction score
5
Location
MI
My Norton anti-virus has implicated BlueIris in intrusion attempts. Are these real?

I'm running Version 4 on Win7, purchased on disc from Amazon.

I just got this alert this morning:
An intrusion attempt by 103.145.12.230 was blocked
IPS Alert Name: Attack: Mikrotik RouterOS Information Disclosure Activity
Attacking Computer: 103.145.12.230 59224
Source address: 103.145.122.230
Traffic Description: TCP, Port 59224
Network traffic from 103.145.122.230 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME\PROGRAM FILES\BLUE IRIS\BLUEIRIS.EXE

VirusTotal shows some alerts on my BlueIris.exe file: VirusTotal

Is this a real concern with BI?

Thanks,
Dave
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
Additional thought, what ports do you have open on your router? I routinely see attacks on the VPN server that's part of my router. Nothing new about that.
 

DTDC

The only port I have open is 81.
It's a Linksys router. Set up in single port forwarding.
Application: Blue Iris
External port: 81
Internal port: 81
Protocol: TCP
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
Is UPnP disabled in your Linksys router? Disable that one immediately.
 

catcamstar

It was enabled. Disabled now.

Okay, good, now go to GRC.com and do a full port scan on your WAN IP. If your PC's firewall/antivirus is complaining about incoming packets, your PC is still vulnerable.

Good luck!
CC
 

DTDC

Shields Up, correct?

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

So I've got that going for me!


My Linksys router is sitting inside AT&T's DSL router if that matters to any of this.
 

catcamstar

Indeed, ShieldsUP is the test.

Always make sure your Linksys is running on the latest & greatest security fixes. If you doubt your PC endpoint is infected/compromised, please re-install Windows and redeploy your apps on it.

Good luck!
CC
 

DTDC

Thanks! I appreciate the help.

As luck would have it, I'm beginning the long, dreadful process of migrating my workstation over to Windows 10. Decided that the least painful method would be to do a fresh OS install on a new HDD and set up a dual-boot option until I migrate everything over. I just loaded BI onto the new HDD, but haven't yet connected any cameras. We'll see how it goes from here as I slowly move along. I should probably upgrade to V5 before I get too far into cluttering up this new OS.
 