Hallo,
gestern habe ich diese Meldungen bekommen
Advanced Threat Protection
A threat has been detected in your network
The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:
Threat name....: C2/Generic-A
Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx
Time...........: 2018-11-16 23:15:29
Traffic blocked: yes
Source IP address or host: 192.168.115.1
Im Log stand dies hier.
2018:11:16-21:43:13 firewall named[4679]: rpz: client 192.168.115.1#61417 (e1.single.makuotek.com): view default: rpz QNAME NXDOMAIN rewrite e1.single.makuotek.com via e1.single.makuotek.com.rpz
2018:11:16-21:43:13 firewall named[4679]: rpz: client 192.168.115.3#52847 (e1.single.makuotek.com): view default: rpz QNAME NXDOMAIN rewrite e1.single.makuotek.com via e1.single.makuotek.com.rpz
2018:11:16-23:15:29 firewall named[4679]: rpz: client 192.168.115.1#60184 (makuotek.com): view default: rpz QNAME NXDOMAIN rewrite makuotek.com via makuotek.com.rpz
Ein manueller Scan mit dem G DATA Virenscanner zeigte keine Auffälligkeiten.
Bei den beiden IP-Adressen 192.168.115.1 und .3 handelt es sich um Server die auch DNS Server machen.
Hat hier jemand ggf. nähere Infos?
VG, Herry
This thread was automatically locked due to age.
