Having from today lot of IDS allerts which allowed over my meraki
Till yesterday , meraki blocked sereral times a malware the following malware came from an external ip
From today i have the following problems and the action on mx events page says "allowed"
First of all on lot of events my server appeared as a source and and an ip on Germany appeared as a destination
All the details for the above events says about a cryptocurrency miner ...for example
Cryptocurrency Miner outbound connection attempt
The last hour i have 3 events which allowed (my server is as destination and and ip from France...with different ports in each event (32577,31927,30963) appears as a source
The event details are the following
MSSQL CLR permission set to unsafe attempt
On firewall page i cannot add inbound rules. It says
Inbound traffic will be restricted to the services and forwarding rules configured below. |
By default on the outbound rules there is a rule which i cannot delete it
This rule says policy allow, protocol, source,destination any and this time count hits...