Hi,
I'm pretty new on the forum, so please bear with me. I'm using an SG430.
I noticed in the Intrusion Prevention System log that I started getting these logs:
firewall snort[27237]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="INDICATOR-COMPROMISE Suspicious .tk dns query" group="241" srcip="172.16.135.162" dstip="8.8.4.4" proto="17" srcport="61792" dstport="53" sid="39867" class="Misc activity" priority="3" generator="1" msgid="0"
The source IP is internal and the destination is Google. Not only that, I'm also getting another entry from the same source IP, but the destination IP is internal.
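An added example, not part of the original post and not Sophos code: a small parser for alert lines in the key="value" format quoted above. It groups alerts by source host and signature and separates internal from external destinations, so the querying host and the resolvers it used can be seen at a glance. The second sample line, including the address 172.16.135.10 and the assumption that it carries the same signature, is constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# key="value" pairs as they appear in the alert line quoted in the post
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

SAMPLE_LOG = [
    # Alert line from the post
    'firewall snort[27237]: id="2101" severity="warn" sys="SecureNet" sub="ips" '
    'name="Intrusion protection alert" action="drop" '
    'reason="INDICATOR-COMPROMISE Suspicious .tk dns query" group="241" '
    'srcip="172.16.135.162" dstip="8.8.4.4" proto="17" srcport="61792" '
    'dstport="53" sid="39867" class="Misc activity" priority="3" generator="1" msgid="0"',
    # Constructed line: same host, internal destination (address is a placeholder)
    'firewall snort[27237]: id="2101" severity="warn" sys="SecureNet" sub="ips" '
    'name="Intrusion protection alert" action="drop" '
    'reason="INDICATOR-COMPROMISE Suspicious .tk dns query" group="241" '
    'srcip="172.16.135.162" dstip="172.16.135.10" proto="17" srcport="61793" '
    'dstport="53" sid="39867" class="Misc activity" priority="3" generator="1" msgid="0"',
]

def parse_alert(line):
    """Return the key="value" fields of one IPS alert line as a dict."""
    return dict(FIELD_RE.findall(line))

def summarize(lines):
    """Group IPS alerts by (srcip, sid); split destinations into internal/external."""
    summary = defaultdict(
        lambda: {"count": 0, "reason": None, "internal_dst": set(), "external_dst": set()})
    for line in lines:
        f = parse_alert(line)
        if f.get("sub") != "ips" or "srcip" not in f or "dstip" not in f:
            continue  # not an IPS alert, or a truncated line
        try:
            dst = ipaddress.ip_address(f["dstip"])
        except ValueError:
            continue  # malformed address field
        entry = summary[(f["srcip"], f.get("sid"))]
        entry["count"] += 1
        entry["reason"] = f.get("reason")
        # is_private covers RFC 1918 ranges such as 172.16.0.0/12
        entry["internal_dst" if dst.is_private else "external_dst"].add(f["dstip"])
    return dict(summary)

if __name__ == "__main__":
    for (src, sid), e in summarize(SAMPLE_LOG).items():
        print(src, sid, e["count"], e["reason"],
              sorted(e["internal_dst"]), sorted(e["external_dst"]))
```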