I have been getting hits like the one below, as reported by Bitdefender, on my network. It appears to be coming from my network gateway. I'm not sure if it is just the network scanner, but the events have been escalating lately and happening on all of the networks. I made a port group (554, 445, 137, 138, 139) and blocked it on WAN in, local LAN, and LAN in, but I am still getting the hits. I have blocked all networks from the gateways (tested all networks and there is no connectivity to the GW’s, and blocked pings), and have also blocked all RFC1918 traffic between LANs. I know this group does not like UniFi firewalls… but I have not had an issue with them; it reminds me of the old-school rule sets back in the days of dialup. Any thoughts would be greatly appreciated…
Detection name: Exploit.PentestingTool.HTTP.3
Attack Technique: Lateral Movement
Attacker’s IP: 192.168.5.1
Targeted IP: 192.168.5.50
Port: 445
Scott