BotNet detected on my TV. What to do?

mat17
mat17 Posts: 45  Freshman Member
Hello,

in my USG FLEX 200, in the Threat Report - Reputation Filter report, I have some blocked IPs marked as BotNet (Threat category).
There is nothing more than these IPs in this report.

The victim host is my TV.

What does it mean? Has someone gained control of my TV? Is one of the TV apps involved?

Kind regards

All Replies

  • smb_corp_user
    smb_corp_user Posts: 161  Master Member
    Your log entry "blocked IPs marked as BotNet (Threat category)" does not automatically mean that the computer is infected, but it signals that some form of activity tried to access known BotNet IP addresses. It is still a cause for concern and you should do something about it if that event repeats in your logs.

    I can only assume that it is unlikely that anyone in this forum knows which apps could be causing your report result, because we don't know much or anything at all about what is running on your TV. You may want to contact your TV brand to see if there is a forum available to you to ask what software could cause your security logs to note that your TV has tried to access BotNet IPs on the internet.

  • Zyxel_James
    Zyxel_James Posts: 626  Zyxel Employee
    Hello @mat17,
    Enabling the BotNet filter can detect and block connection attempts to or from the C&C server or known botnet IP addresses. Your TV should be fine since Reputation Filter blocks the connection, as you can see in the logs.
    However, I wonder if there is any impact after the logs. And could you attach the BotNet logs? Thanks.

    James
  • mat17
    mat17 Posts: 45  Freshman Member
    I tried for a couple of days to get the logs from my USG, but it happened mostly during my sleep and my logs are flushed a bit too quickly.
    I didn't investigate further in my syslog server as, for now, I have a supported format problem.
    So I'm not able to share with you any logs. Sorry.

    Anyway, after restoring my TV's factory default settings, the connection attempts have disappeared. My TV may be vulnerable, but not infected anymore.
    Wait and see.
    Kind regards

