New Member
Posts: 1
Registered: ‎06-26-2017
Kudos: 2

Re: IPS Alert 1: A Network Trojan was Detected


Got the same, 40+ warnings. The warnings occur 2 to 5 minutes apart. The source is a HiFi (Marantz NR1606) system.

 

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible)). From: 192.168.1.13:4883, to: 151.101.36.246:80, protocol: TCP
whois lookup for: 151.101.36.246
ISP: Fastly
Usage Type: Content Delivery Network
Hostname: profile-images.scdn.co
Domain Name: fastly.com
Country:
City: San Francisco, California

 

New Member
Posts: 7
Registered: ‎03-30-2016
Kudos: 1

Re: IPS Alert 1: A Network Trojan was Detected

I’ve been getting about 40-50 a week

New Member
Posts: 3
Registered: ‎10-28-2018
Kudos: 1

Re: IPS Alert 1: A Network Trojan was Detected

Same here

Also, iPhone not jailbroken.

New Member
Posts: 28
Registered: ‎04-27-2016
Kudos: 43

Re: IPS Alert 1: A Network Trojan was Detected

This is a really terrible IPS signature.

New Member
Posts: 1
Registered: ‎07-24-2018
Kudos: 1

Re: IPS Alert 1: A Network Trojan was Detected

I recently started noticing these alerts. I captured packets to the destination and learned that the TCP port 80 session was related to checking the certificate revocation list (CRL) status for an SSL cert.

 

The destination IP was in the US at 72.21.91.29; no PTR record for that IP address, but it is in an address block owned by Verizon. The packet capture revealed the hostname: ocsp.digicert.com

 

Clearly a false positive, but I am not a fan of disabling or suppressing signatures just because they generate false positives. Any chance of tweaking the signature? Do we as users have this ability?

 

  ~David

New Member
Posts: 5
Registered: ‎08-24-2017

Re: IPS Alert 1: A Network Trojan was Detected

I recently turned on IPS, and am getting these errors. I can confirm that the IP address is my iPhone and I have WeChat on it, as we have a child studying in China. Interestingly, only my IP address shows, whereas my wife, who chats with our child every day, does not. I am guessing that it is something that we have to live with until he returns.

New Member
Posts: 3
Registered: ‎10-28-2018
Kudos: 1

Re: IPS Alert 1: A Network Trojan was Detected

We also have WeChat on several devices, but only my iPhone generates the error.

New Member
Posts: 2
Registered: ‎04-15-2016

Re: IPS Alert 1: A Network Trojan was Detected

I'm also getting this from the Wire app on Linux

New Member
Posts: 1
Registered: ‎12-19-2018

Re: IPS Alert 1: A Network Trojan was Detected

I don't think it's WeChat. I had WeChat on all the time, and never got this problem. It's actually another app developed by the same company, called QQ. Every time I launch that on my phone, I get this alert.

New Member
Posts: 2
Registered: ‎12-23-2017

Re: IPS Alert 1: A Network Trojan was Detected

I have a Marantz amplifier which has internet radio. Whenever I tried to use this in-built app I received a similar message: IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible)). From: 192.168.1.115:2583, to: 66.135.60.133:80, protocol: TCP

 

It seems that the reason why this happened is that I have IPS (Intrusion Prevention System) turned on: Settings - IPS.

 

To solve a problem like this you can either switch to IDS (Intrusion Detection System), which will make your network less protected, or (and this is what I did) you can whitelist the IP that is causing the alert. For some of you this might not work, but I saw some comments which show similar problems to mine, and in those cases this is definitely a solution.

 

I added the IP for both directions to whitelisting and after provisioning the internet radio started to work.

 

Hope this helps some of you!

New Member
Posts: 31
Registered: ‎08-24-2016
Kudos: 3

Re: IPS Alert 1: A Network Trojan was Detected

I see the exact same message. I wonder how one would get the attention of developers at LG to clue them in on the misspelling of the call.

 

In the meantime, whitelisting seems to be the only thing to do.

New Member
Posts: 1
Registered: 3 weeks ago

Re: IPS Alert 1: A Network Trojan was Detected

I am getting these constantly via my wife's WeChat application.

The IP addresses are 203.205.255.78-80, 203.205.219.244, and 203.205.146.77

 

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE Suspicious User-Agent (1 space). From: 192.168.1.21:61975, to: 203.205.219.244:80, protocol: TCP

 

IP lookup places them all as Tencent, which is the parent company. My concern is whether this is valid, or relaying through Tencent to a malicious third party. Malware out of China is pretty rampant, especially via mobile apps.

 

Is this safe and can I whitelist, or are there issues with this traffic?

 

I am seeing a dozen events daily.
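
Added example, not part of any post in this thread: a small Python triage script that parses the alert format quoted above and groups alerts per signature by internal source and destination, so that any whitelist entry can be scoped to a specific source/destination pair instead of disabling the signature. The function names `parse_alert` and `triage` are hypothetical; the first three sample lines are the alerts quoted in the posts, and the fourth is constructed.

```python
import re
from collections import Counter, defaultdict

# Alert lines as posted in this thread, plus one constructed malformed line.
SAMPLE_ALERTS = [
    "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible)). From: 192.168.1.13:4883, to: 151.101.36.246:80, protocol: TCP",
    "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible)). From: 192.168.1.115:2583, to: 66.135.60.133:80, protocol: TCP",
    "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE Suspicious User-Agent (1 space). From: 192.168.1.21:61975, to: 203.205.219.244:80, protocol: TCP",
    "IPS Alert 1: truncated line (constructed)",
]

# The signature name itself contains dots and parentheses, so match lazily
# up to the literal ". From: " that ends it.
ALERT_RE = re.compile(
    r"IPS Alert \d+: (?P<category>.+?)\. Signature (?P<signature>.+?)\. "
    r"From: (?P<src>[0-9.]+):(?P<sport>\d+), to: (?P<dst>[0-9.]+):(?P<dport>\d+), "
    r"protocol: (?P<proto>\w+)"
)

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["dport"] = int(alert["dport"])
    return alert

def triage(lines):
    """Group alerts per signature; return (report, unparsed_lines)."""
    flows = defaultdict(Counter)  # signature -> Counter of (src, dst, dport)
    skipped = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            skipped.append(line)  # keep unparsed lines for manual review
            continue
        flows[alert["signature"]][(alert["src"], alert["dst"], alert["dport"])] += 1
    report = {sig: {"sources": sorted({src for src, _, _ in c}), "flows": dict(c)}
              for sig, c in flows.items()}
    return report, skipped

if __name__ == "__main__":
    report, skipped = triage(SAMPLE_ALERTS)
    for sig, info in report.items():
        print(sig, "| internal sources:", ", ".join(info["sources"]))
        for (src, dst, dport), n in info["flows"].items():
            print(f"  {n}x {src} -> {dst}:{dport}")
    print("unparsed lines:", len(skipped))
```

A signature that fires from several unrelated internal devices toward different destinations, as the first one does here, is worth comparing against a packet capture of one flow before any exception is added.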
