MP C6503 - attack source seen in MCAFEE LOGS

  • rsyarcia
    Hair Straightener Tech

    500+ Posts
    • Feb 2008
    • 711

    #1

    MP C6503 - attack source seen in MCAFEE LOGS

    image010.jpg

    Guys,

    Need your help regarding this issue. The customer is complaining that our machine has a virus, based on the logs. Deactivated the SMB protocol on the machine, but it's still the same. Is this an issue with the MFP or with their network? Thanks for your support.
    Nobody is perfect..
  • habik
    Service Manager

    Site Contributor
    1,000+ Posts
    • Apr 2010
    • 2013

    #2
    Re: MP C6503 - attack source seen in MCAFEE LOGS

    Have you added it in McAfee as a friendly network device?


    Sent from my iDon't believe in marketing device using Tapatalk
    .OK Google! ... will I need Berrocca this morning?
    Firmwares HERE

    • rthonpm
      Field Supervisor

      2,500+ Posts
      • Aug 2007
      • 2847

      #3
      Re: MP C6503 - attack source seen in MCAFEE LOGS

      There is no known virus to affect the NetBSD kernel of this MFP. McAfee is well known for false positives in its scanning: it sees something that 'kind of looks like' a denial of service attack so the heuristics decide it is one. More than likely the device hasn't been set in the McAfee console as a valid network device.

      Has the customer's IT also looked to see if the MFP is also looking for a master browser for the network, or if it's trying to announce itself as such for the purposes of SMB naming? Are the DNS settings correct?

      I've complained before about the sad state of customer IT, but just going off one log without doing the requisite investigation to see if other events on the network give some idea of what might be going on is just getting ridiculous.

      Sent from my Classic using Tapatalk

      • KenB
        Geek Extraordinaire

        2,500+ Posts
        • Dec 2007
        • 3944

        #4
        Re: MP C6503 - attack source seen in MCAFEE LOGS

        Since our machines are basically a "black box" to most IT people, I guess it's only logical that they get tagged as virus spreaders.

        Must be the natural fear of the unknown, I guess.
        “I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins

        • rsyarcia
          Hair Straightener Tech

          500+ Posts
          • Feb 2008
          • 711

          #5
          Re: MP C6503 - attack source seen in MCAFEE LOGS

          Thanks for your replies. We'll visit the customer next week and update you once done.
          Nobody is perfect..

          • qbert69
            Service Manager

            1,000+ Posts
            • Mar 2013
            • 1152

            #6
            Re: MP C6503 - attack source seen in MCAFEE LOGS

            Maybe turn off SNMP and/or turn off Bonjour? These "ping" protocols have been known to "flood" the network with extraneous traffic!

            REACH FOR THE STARS!!!
            Konica Minolta Planetariums!
            https://www.konicaminolta.com/planet...gma/index.html
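
Added example, not part of any post in this thread: one way to check the suggestions in posts #3 and #6 is to tally what the MFP actually sends to broadcast or multicast addresses, per protocol, and to see who is polling it over SNMP. The flow lines, the 192.0.2.0/24 subnet and the device address are constructed placeholders; the line format is an assumption, not McAfee's log format.

```python
import ipaddress
from collections import Counter

# Well-known UDP ports for the protocols named in the thread.
SERVICES = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram (browser announcements/elections)",
    161: "SNMP",
    5353: "mDNS (Bonjour)",
}

MFP_IP = "192.0.2.50"                       # placeholder device address
LAN = ipaddress.ip_network("192.0.2.0/24")  # placeholder customer subnet

# Constructed sample, one flow per line: time src dst proto dst_port
SAMPLE_FLOWS = """\
10:00:01 192.0.2.50 192.0.2.255 udp 138
10:00:02 192.0.2.50 192.0.2.255 udp 137
10:00:02 192.0.2.50 192.0.2.255 udp 137
10:00:03 192.0.2.50 224.0.0.251 udp 5353
10:00:04 192.0.2.17 192.0.2.50 udp 161
10:00:05 192.0.2.50 192.0.2.10 tcp 445
10:00:06 192.0.2.50 192.0.2.255 udp 138
10:00:07 192.0.2.50 224.0.0.251 udp 5353
10:00:09 192.0.2.50 192.0.2.255 udp 137
"""

def parse(flows):
    """Yield (src, dst, proto, port) for each well-formed line."""
    for line in flows.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[4].isdigit():
            yield fields[1], fields[2], fields[3], int(fields[4])

def one_to_many(dst):
    """True when dst is a multicast or broadcast address on the LAN."""
    addr = ipaddress.ip_address(dst)
    return (addr.is_multicast or addr == LAN.broadcast_address
            or dst == "255.255.255.255")

def broadcast_summary(flows, device_ip=MFP_IP):
    """Count the device's UDP broadcast/multicast sends per protocol."""
    sent = Counter()
    for src, dst, proto, port in parse(flows):
        if src == device_ip and proto == "udp" and one_to_many(dst):
            sent[SERVICES.get(port, f"udp/{port}")] += 1
    return sent

def snmp_pollers(flows, device_ip=MFP_IP):
    """Hosts sending SNMP requests to the device (it normally only answers)."""
    return {src for src, dst, proto, port in parse(flows)
            if dst == device_ip and proto == "udp" and port == 161}
```

A summary dominated by ports 137/138 points at the name-resolution and master-browser behaviour raised in post #3, while mDNS or SNMP counts show whether the protocols named in post #6 are involved at all.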
