BotNet detected on my TV. What to do?

mat17

Hello,

in my USG FLEX 200, in the Threat Report - Reputation Filter report, I have some blocked IPs marked as BotNet (Thread category).

There is nothing more than these IPs in this report.

The victim host is my TV.

What does it mean? Someone gain control on my TV? Is it one of the TV Apps which is involved? 

Kind regards

smb_corp_user

Your log entry "blocked IPs marked as BotNet (Threat category)" does not automatically mean that the computer is infected, but it signals that some form of activity tried to access known BotNet IP addresses. It is still a cause for concern and you should do something about it if that event repeats in your logs.

I can only assume that it is unlikely that anyone in this forum knows which apps could be causing your report result, because we don't know much or anything at all about what is running on your TV. You may want to contact your TV brand to see if there is a forum available to you to ask what software could cause your security logs to note that your TV has tried to access BotNet IPs on the internet.

Zyxel_James

Hello @mat17,

Enabling BotNet filter can detect and block connection attempts to or from the C&C server or known botnet IP addresses. Your TV should be fine since Reputation Filter blocks the connection as you can in the logs.

However, I wonder if there is any impact after the logs. And could you attach the BotNet logs? Thanks.

James

mat17

Hello @Zyxel_James

I tried during a couple of days to get the logs from my USG, but it happened mostly during my sleep and my logs are flushed a bit too quickly.

I didn't investigate further in my syslog server as, for now, I have a supported format problem.

So I'm not able to share with you any logs. Sorry.

Anyway, after restoring my TV factory default settings, the connections attempts have disappeared. My TV may be vulnerable, but not infected anymore.

Wait and see.

Kind regards