System dropping packets after giving Bitdefender files full disk access

microlaser
microlaser
in Protection - Malware/ Firmware etc.
Screenshot 2023-02-16 at 10.03.23 PM.png

I think one of these Bitdefender files is a trojan, my system stared dropping packets when I gave these files full disk access, I think one is fake. This shows the result.

sh-3.2# tcpdump -vvfA | grep 9.9.9.9

tcpdump: data link type PKTAP

tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes

  dns9.quad9.net.domain > 192.168.0.148.59097: [udp sum ok] 12219 q: A? dns.quad9.net. 2/0/0 dns.quad9.net. A 9.9.9.9, dns.quad9.net. A 149.112.112.112 (63)

21:19:09.999298 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65)

21:19:09.999494 IP (tos 0x60, ttl 56, id 0, offset 0, flags [DF], proto UDP (17), length 1278)

^C10532 packets captured

10778 packets received by filter

0 packets dropped by kernel


sh-3.2# tcpdump -vvfA | grep 9.9.9.9

tcpdump: data link type PKTAP

tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes

21:37:09.909492 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1277)

21:37:09.909693 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 113)

21:37:09.909794 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 91)

^C3316 packets captured

3325 packets received by filter

0 packets dropped by kernel


sh-3.2# tcpdump -vvfA | grep 9.9.9.9

tcpdump: data link type PKTAP

tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes

  37.120.155.202.https > 192.168.0.148.51361: Flags [.], cksum 0x0f12 (correct), seq 898929:900317, ack 3531, win 330, length 1388

^C29661 packets captured

47892 packets received by filter

17080 packets dropped by kernel

The kernels were dropped after I gave all these items full disk access.

Comments

All Time Leaders

Categories

Defenders of the month