Hi guys, I keep getting the following alert and just wondered if it was anything to worry about / look further into:
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: INDICATOR-COMPROMISE Suspicious .trade dns query
Details........: https://www.snort.org/search?query=44076
Time...........: 2017-10-19 14:29:01
Packet dropped.: yes
Priority.......: low
Classification.: Misc activity
IP protocol....: 17 (UDP)
Source IP address: **.*.*.** (ad.domain.zone)
Source port: 55525
Destination IP address: 8.8.8.8 (google-public-dns-a.google.com)
Destination port: 53 (domain)
Sophos UTM @
--
System Uptime : 35 days 10 hours 25 minutes
System Load : 0.35
System Version : Sophos UTM 9.503-4
Please refer to the manual for detailed instructions.