IDS detecting Bitcoin Mining activity.

Good afternoon,

We have Zert0 and have been a happy user for a few years. Recently we have been getting reports of Bit mining activity in this environment. Has anyone seen this kind of detection in their network? Our reseller has had a look and reports back that it is a false positive. I am curious if anyone else has seen this port activity?

***************************************

Incident Summary

The SOC has received an alert for ‘IPS DROP: 49471 VID54842 Stratum Bitcoin Mining Protocol Detected Outbound (AUP – Cryptomining)’ from your iSensor device (xxx.xxx.xxx.100/isensor01) for traffic (Blocked) sourcing from port 40764/tcp of xxx.xxx.xxx.80 and destined to port 9093/tcp of 172.16.255.xxx that occurred on 2021-01-08 at 15:37:52. This activity indicates that xxx.xxx.xxx.80 is involved in Bitcoin mining activity. If you have any further questions or concerns, please let us know either by corresponding to us via this ticket and delegating the ticket back to the SOC, or by calling us at 877-838-7960. If you would like us to block or allow an IP address on your managed firewalls or iSensors, please select the “Block/Allow” tab on the left from the Portal.

Sincerely, SecureWorks SOC
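Added triage example (not from the poster, the reseller or SecureWorks): a Stratum session is newline-delimited JSON-RPC whose methods sit in the `mining.` namespace, so the way to confirm or refute a signature hit like the one above is to look at the flow's payload rather than the port, and to note whether the destination is RFC1918 space as 172.16.255.xxx is. The sample payloads and addresses below are constructed.

```python
import ipaddress
import json

# Constructed payload samples, not captures from the poster's network.
# A real Stratum handshake: newline-delimited JSON-RPC with mining.* methods.
STRATUM_SAMPLE = (
    b'{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.1"]}\n'
    b'{"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}\n'
)
# Non-mining JSON-RPC on the same port: internal service chatter that a
# port-plus-pattern signature can mistake for Stratum.
JSONRPC_SAMPLE = b'{"id": 7, "method": "status.get", "params": []}\n'
HTTP_SAMPLE = b"POST /api/v1/alerts HTTP/1.1\r\nHost: 172.16.255.10\r\n\r\n"

STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "mining.set_difficulty"}
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def stratum_methods_in(payload: bytes) -> list:
    """Return the Stratum (mining.*) method names present in a payload sample.

    Lines that are not JSON objects with a string "method" are ignored, so
    HTTP, binary or unrelated JSON-RPC traffic yields an empty list.
    """
    found = []
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:          # includes json.JSONDecodeError
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.append(method)
    return found


def is_rfc1918(ip: str) -> bool:
    """True when the address lies in one of the three RFC1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918_NETS)


def triage(dst: str, payload: bytes) -> str:
    """Classify a mining alert from its destination and a payload sample."""
    methods = stratum_methods_in(payload)
    if methods and not is_rfc1918(dst):
        return "confirmed: Stratum handshake to external pool"
    if methods:
        return "confirmed: Stratum handshake to internal host (local pool or proxy?)"
    if is_rfc1918(dst):
        return "likely false positive: no Stratum methods, internal destination"
    return "inconclusive: no Stratum methods in sample, external destination"
```

The verdicts are a starting point for the ticket, not a replacement for a fuller capture of the blocked flow.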