Threat report on Security Routers: how to identify a threat by their category

GiuseppeR

Hello everyone,

as you can see here:

I have a pair of threats highlighted on a site where I installed a security router.

Those events are linked to a server, so no email client there.

I see that one of those events are highlighted as "Stop mail fraud & phishing": is this name related to the IP that sent the attack because it is listed inside a group of IP sending phishing?

Zyxel_James

The option of "Stop mail fraud & phishing" means blocks access by your LAN clients to phishing websites and spam URLs. 
When you click on Stop mail fraud & phishing in the Threats detected by category tab, you will see the domain/IP where the threat was encountered. Click on the domain/IP, you will see the IP address of your LAN client which encountered this block.

GiuseppeR

Hello @Zyxel_James

that security alert regarding "Stop mail fraud & phishing" is related to a server NAS.

There I have NO email client or other software except backup routine.

The question is related to how the system identifies threats. If I look on Nebula the system tells me that the IP address being analyzed is included in the "fraud & phishing" threats: does this happen because the registered IP is included in the aforementioned list or is there some other categorization?

When you say "blocks access by your LAN clients to phishing websites and spam URLs" you are referring to the fact the the security router blocks only outgoing connection to those websites or it is possible also that the security router blocks incoming connections to my LAN resources (thanks to open ports that I need to have)?