We've had the UTM in place for a long time and today it is freaking out/notifying us constantly about our private and forwarding servers.
Nothing has been changed, and in the past it was always the internal/private DNS servers whenever a client PC would get a gnarly PUP.
But today, the public realm is now a threat.
Details about the alert:
Threat name....: C2/Generic-A
Time...........: 2019-07-10 15:18:11
Traffic blocked: yes
Source IP address or host: 8.8.8.8
--
System Uptime : 38 days 6 hours 28 minutes
System Load : 0.62
System Version : Sophos UTM 9.603-1
UTM has listed the ISP's DNS, Google, and Level3 as the source IP of the C2 threat.
Yes, :53 is closed inbound from the outside world, internal outbound only.
What is going on?
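As an added triage example (not part of the original post and not Sophos code): the script below parses the notification format quoted above and classifies each alert's "Source IP address or host" value as an RFC 1918 internal address, a well-known public recursive resolver, a host name, or some other external address, then counts alerts per threat name and source class. The list of public resolvers (Google and Level3 addresses) and the three sample alerts are constructed for the example; the ISP's own resolver addresses are site-specific and not given on the page, so they would have to be added by hand.

```python
import ipaddress
import re
from collections import Counter

# Well-known public recursive resolvers. Constructed for this example; add
# the ISP's resolvers (not listed on the page) before running against real alerts.
PUBLIC_RESOLVERS = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "4.2.2.1": "Level3", "4.2.2.2": "Level3", "4.2.2.3": "Level3",
    "4.2.2.4": "Level3", "4.2.2.5": "Level3", "4.2.2.6": "Level3",
}

# Matches the dotted-padding key/value lines of the UTM notification, e.g.
# "Threat name....: C2/Generic-A" or "Source IP address or host: 8.8.8.8".
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\.*\s*:\s*(.*)$")


def parse_alert(text):
    """Parse one notification body into a dict keyed by normalised field name."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            key = m.group(1).strip().lower().replace(" ", "_")
            fields[key] = m.group(2).strip()
    return fields


def classify_source(value):
    """Say what kind of host the alert's 'source' field points at."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "hostname"  # the field may carry a name instead of an address
    if ip.is_private:
        return "internal"
    if value in PUBLIC_RESOLVERS:
        return "public-resolver:" + PUBLIC_RESOLVERS[value]
    return "external"


def triage(alerts):
    """Count alerts per (threat name, source class).

    A cluster of C2 alerts whose 'source' is a public resolver on port 53 is
    worth separating from alerts sourced from internal hosts: the former are
    tied to DNS traffic with that resolver, the latter to a specific client.
    (Interpretation added for this example; the post itself draws no conclusion.)
    """
    summary = Counter()
    for alert in alerts:
        kind = classify_source(alert.get("source_ip_address_or_host", ""))
        summary[(alert.get("threat_name"), kind)] += 1
    return summary


# Constructed sample notifications in the same layout as the one quoted above.
SAMPLE_ALERTS = [
    "Threat name....: C2/Generic-A\nTime...........: 2019-07-10 15:18:11\n"
    "Traffic blocked: yes\nSource IP address or host: 8.8.8.8\n--\n"
    "System Uptime : 38 days 6 hours 28 minutes\nSystem Load : 0.62\n"
    "System Version : Sophos UTM 9.603-1\n",
    "Threat name....: C2/Generic-A\nTime...........: 2019-07-10 15:19:02\n"
    "Traffic blocked: yes\nSource IP address or host: 4.2.2.2\n",
    "Threat name....: C2/Generic-A\nTime...........: 2019-07-10 15:20:40\n"
    "Traffic blocked: yes\nSource IP address or host: 10.0.0.53\n",
]

if __name__ == "__main__":
    parsed = [parse_alert(t) for t in SAMPLE_ALERTS]
    for (threat, kind), n in sorted(triage(parsed).items()):
        print(f"{n:3d}  {threat}  source={kind}")
```

Feed it the raw notification bodies (one string per alert); anything the UTM puts after the `--` separator is parsed too, so the system version and uptime lines are available if you want to correlate alerts with a firmware change.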