BotNet detected on my TV. What to do?

mat17
Hello,

in my USG FLEX 200, in the Threat Report - Reputation Filter report, I have some blocked IPs marked as BotNet (Threat category).
There is nothing more than these IPs in this report.

The victim host is my TV.

What does it mean? Has someone gained control of my TV? Is it one of the TV apps which is involved?

Kind regards

All Replies

  • smb_corp_user
    Your log entry "blocked IPs marked as BotNet (Threat category)" does not automatically mean that the computer is infected, but it signals that some form of activity tried to access known BotNet IP addresses. It is still a cause for concern and you should do something about it if that event repeats in your logs.

    I can only assume that it is unlikely that anyone in this forum knows which apps could be causing your report result, because we don't know much or anything at all about what is running on your TV. You may want to contact your TV brand to see if there is a forum available to you to ask what software could cause your security logs to note that your TV has tried to access BotNet IPs on the internet.

  • Zyxel_James (Zyxel Employee)
    Hello @mat17,
    Enabling the BotNet filter can detect and block connection attempts to or from the C&C server or known botnet IP addresses. Your TV should be fine since Reputation Filter blocks the connection, as you can see in the logs.
    However, I wonder if there is any impact after the logs. And could you attach the BotNet logs? Thanks.

    James
  • mat17
    I tried for a couple of days to get the logs from my USG, but it happened mostly during my sleep and my logs are flushed a bit too quickly.
    I didn't investigate further in my syslog server as, for now, I have a supported format problem.
    So I'm not able to share with you any logs. Sorry.

    Anyway, after restoring my TV's factory default settings, the connection attempts have disappeared. My TV may be vulnerable, but not infected anymore.
    Wait and see.
    Kind regards

