Threat report on Security Routers: how to identify a threat by their category

GiuseppeR

Hello everyone,

as you can see here:

immagine.png

I have a pair of threats highlighted on a site where I installed a security router.

Those events are linked to a server, so no email client there.

I see that one of those events is highlighted as "Stop mail fraud & phishing": is this name related to the IP that sent the attack because it is listed inside a group of IPs sending phishing?

All Replies

  • Zyxel_James (Zyxel Employee)

    The option "Stop mail fraud & phishing" means it blocks access by your LAN clients to phishing websites and spam URLs.
    When you click on "Stop mail fraud & phishing" in the "Threats detected by category" tab, you will see the domain/IP where the threat was encountered. Click on the domain/IP and you will see the IP address of your LAN client which encountered this block.

    image.png
  • GiuseppeR
    edited May 21

    Hello @Zyxel_James

    that security alert regarding "Stop mail fraud & phishing" is related to a NAS server.

    There I have NO email client or other software except a backup routine.

    The question is related to how the system identifies threats. If I look on Nebula the system tells me that the IP address being analyzed is included in the "fraud & phishing" threats: does this happen because the registered IP is included in the aforementioned list or is there some other categorization?

    When you say "blocks access by your LAN clients to phishing websites and spam URLs", are you referring to the fact that the security router blocks only outgoing connections to those websites, or is it also possible that the security router blocks incoming connections to my LAN resources (thanks to open ports that I need to have)?
