IP Reputation: False positive

Options
rainpwn
rainpwn Posts: 13 image  Freshman Member
Network Detective-New Adventure Badge First Comment Friend Collector Fifth Anniversary
in Security

Hi, im receiving alerts from SecuReporter:


2023-09-19 14:00:00

Network Security

IP Reputation-Outgoing

IP Reputation detect 192.168.10.234 is connecting to threat IP 244 times (exceed threshold 5 within 60 minutes)

Threat IP is 89.46.110.73.

Looking on Cisco Talos:

image.png

Could you verify please?

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,461 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited September 2023 Answer ✓

    Hi @0xAlessandro,

    The IP address is added into the allow list in the next signature version. You can test the IP again later this week. Thanks!

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,461 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited September 2023 Answer ✓

    Hi @0xAlessandro,

    The IP address is added into the allow list in the next signature version. You can test the IP again later this week. Thanks!

  • rainpwn
    rainpwn Posts: 13 image  Freshman Member
    Network Detective-New Adventure Badge First Comment Friend Collector Fifth Anniversary

    Could you also whitelist 185.81.1.164


    2023-09-19 14:00:00

    Network Security

    IP Reputation-Outgoing

    IP Reputation detect 192.168.11.12 is connecting to threat IP 96 times (exceed threshold 5 within 60 minutes)

    image.png
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,461 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited September 2023

    Hi @0xAlessandro,

    The IP 185.81.1.164 is also added into the allow list in the next signature version. Thanks!

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,461 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @0xAlessandro,

    Signature version: 1.0.0.20230920.0

    Two IP addresses are neutral now.

    image.png image.png
  • rainpwn
    rainpwn Posts: 13 image  Freshman Member
    Network Detective-New Adventure Badge First Comment Friend Collector Fifth Anniversary

    Hi, thank you.

    There are 2 new IP (Cloudflare) which got blocked by IP Reputation.

    • 104.21.9.40
    • 172.67.141.113
    image.png image.png
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,461 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @0xAlessandro,

    The following IP addresses are also added into the allow list in the next signature version. Thanks!
    104.21.9.40
    172.67.141.113

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)