Jump to content

KIS 19.0.0.1088d restarts itself randomly/KLAVA update error if ssh port on under brute force attack?


Recommended Posts

Posted
Hello, I have KIS 19.0.0.1088d installed on my Windows 10 x64 1809 desktop and router forwarding port 22 from WAN to my desktop port 22 (I know its dangerous and I forget to close the port forwarding after I test something earlier this year). I have OpenSSH client/server installed on my Windows 10 (the ones provided by Windows) which allow I ssh connect my desktop from outside. Since then I notice that from time to time that Windows Defender/Firewall notify me they have themselves turned on because KIS snoozed. And some notification saying they have turned off again because KIS comes back alive. Also I receive KLAVA update failed from time to time. Both usually happen once-twice per day, KLAVA error will go away if I restart my desktop but after like 2 days I will get that error/KIS restarted itself randomly again. So last weekend I was just curious and check Windows event log and discovered tons and tons of failed ssh login attempts and I realize I have port 22 exposed on the WAN so I closed the port forwarding rule. And since then KIS has not restarted itself randomly nor I get any KLAVA update error. KIS did not warn me about ssh brute force attack tho, unlike I once exposed RDP 3389port to WAN KIS did warn me on RDP brute force on port 3389. I have a strong windows user account password so I do think those random attackers never succeed. Anyway because I am no expert and I am really curious anyone can do a test on WIndows 10 x64 1809 with OpenSSH client/server with KIS19.0.0.1088d and brute force port 22 from outside and see if you can reproduce KIS restarting itself randomly and have KLAVA update error. thanks iosman
  • 1 month later...
Posted
Hello,

I have KIS 19.0.0.1088d installed on my Windows 10 x64 1809 desktop and router forwarding port 22 from WAN to my desktop port 22 (I know its dangerous and I forget to close the port forwarding after I test something earlier this year). I have OpenSSH client/server installed on my Windows 10 (the ones provided by Windows) which allow I ssh connect my desktop from outside.

Since then I notice that from time to time that Windows Defender/Firewall notify me they have themselves turned on because KIS snoozed. And some notification saying they have turned off again because KIS comes back alive. Also I receive KLAVA update failed from time to time. Both usually happen once-twice per day, KLAVA error will go away if I restart my desktop but after like 2 days I will get that error/KIS restarted itself randomly again.  Dyson Cyclone V10 Review


So last weekend I was just curious and check Windows event log and discovered tons and tons of failed ssh login attempts and I realize I have port 22 exposed on the WAN so I closed the port forwarding rule. And since then KIS has not restarted itself randomly nor I get any KLAVA update error.

KIS did not warn me about ssh brute force attack tho, unlike I once exposed RDP 3389port to WAN KIS did warn me on RDP brute force on port 3389. I have a strong windows user account password so I do think those random attackers never succeed.

Anyway because I am no expert and I am really curious anyone can do a test on WIndows 10 x64 1809 with OpenSSH client/server with KIS19.0.0.1088d and brute force port 22 from outside and see if you can reproduce KIS restarting itself randomly and have KLAVA update error.

thanks
iosman

 

thanks my issue has been fixed.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...