Hello,
the Advanced Threat Protection on my UTM reported the following to me today
for two of my servers:
A threat has been detected in your network
The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:
Threat name....: C2/Generic-A
Details........: C2/Generic-A - Viruses and Spyware - Web Threat, Virus and Spyware Detection and Removal | Sophos - Threat Center - Cloud Antivirus, Endpoint, UTM, Encryption, Mobile, DLP, Server, Web, Wireless Security, Network Storage and Next-Gen Firewall Solutio
Traffic blocked: yes
Excerpts from the logs
hostfw ulogd[4651]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" threatname="C2/Generic-A" srcmac="0:c:29:70:5c:74" dstmac="0:c:29:d4:1d:1d" srcip="5.9.105.217" dstip="74.116.84.123" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="51652" dstport="80" tcpflags="RST"
hostfw ulogd[4651]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" threatname="C2/Generic-A" srcmac="0:c:29:37:30:e1" dstmac="0:c:29:d4:1d:1d" srcip="5.9.105.217" dstip="74.116.84.123" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="18792" dstport="80" tcpflags="RST"
However, both servers are Linux-based; is this a false positive?
I'd be grateful for your opinions.
Kind regards - DasBill
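A first triage step for an alert like this is to pull the fields out of the UTM's ulogd lines and look at what the blocked packets actually were, before deciding on false positive or not. The script below is an added example written for this thread; it is not part of the original post and not Sophos code. It parses the key="value" format of the two lines above (the forum mangled ":d4" in the dstmac into a smiley, so "0:c:29:d4:1d:1d" is assumed here) and reports, per source MAC, the threat name, destination and TCP flags, plus three observations an analyst would want: the same srcip is seen from two different MACs, that srcip is a public (non-RFC 1918) address, and every dropped packet is a 40-byte TCP packet with only the RST flag set, i.e. a bare reset carrying no payload.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the two "Packet dropped (ATP)" lines from the post above.
# The forum replaced ":d4" in dstmac with a smiley; "0:c:29:d4:1d:1d" is assumed.
SAMPLE_LOG = """\
hostfw ulogd[4651]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" threatname="C2/Generic-A" srcmac="0:c:29:70:5c:74" dstmac="0:c:29:d4:1d:1d" srcip="5.9.105.217" dstip="74.116.84.123" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="51652" dstport="80" tcpflags="RST"
hostfw ulogd[4651]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" threatname="C2/Generic-A" srcmac="0:c:29:37:30:e1" dstmac="0:c:29:d4:1d:1d" srcip="5.9.105.217" dstip="74.116.84.123" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="18792" dstport="80" tcpflags="RST"
"""

# ulogd writes every field as key="value"; the prefix (host, process, pid) has no '='.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Minimal IPv4 header (20 bytes) + minimal TCP header (20 bytes): a 40-byte
# TCP packet carries no payload at all.
MIN_IPV4_TCP_LEN = 40


def parse_ulogd_line(line):
    """Split one UTM ulogd line into a dict of its key="value" fields."""
    return dict(KV_RE.findall(line))


def atp_drops(text):
    """Parse a log excerpt and keep only the ATP packet-drop records."""
    records = (parse_ulogd_line(l) for l in text.splitlines() if l.strip())
    return [r for r in records if r.get("name") == "Packet dropped (ATP)"]


def triage(records):
    """Summarise ATP drops per (srcmac, srcip) and collect triage notes."""
    hosts = defaultdict(lambda: {"threats": set(), "dests": set(),
                                 "flags": set(), "packets": 0})
    for r in records:
        h = hosts[(r["srcmac"], r["srcip"])]
        h["threats"].add(r["threatname"])
        h["dests"].add((r["dstip"], int(r["dstport"]), r["proto"]))
        h["flags"].add(r["tcpflags"])
        h["packets"] += 1

    notes = []
    # One source IP behind several MAC addresses means the UTM does not see the
    # servers' own addresses directly (NAT or a shared address in front of them).
    macs_per_ip = defaultdict(set)
    for mac, ip in hosts:
        macs_per_ip[ip].add(mac)
    for ip, macs in macs_per_ip.items():
        if len(macs) > 1:
            notes.append(f"srcip {ip} seen from {len(macs)} MACs: {sorted(macs)}")
        if not ipaddress.ip_address(ip).is_private:
            notes.append(f"srcip {ip} is a public address, not RFC 1918")

    # Header-only RSTs: these packets exchanged no data with the destination.
    # The interesting event is the earlier SYN or data segment the reset answers.
    rst_only = [r for r in records
                if r["proto"] == "6" and r["tcpflags"] == "RST"
                and int(r["length"]) == MIN_IPV4_TCP_LEN]
    if rst_only and len(rst_only) == len(records):
        notes.append("all dropped packets are bare TCP RSTs (40 bytes, no payload)")

    return {"hosts": {k: dict(v) for k, v in hosts.items()}, "notes": notes}


if __name__ == "__main__":
    result = triage(atp_drops(SAMPLE_LOG))
    for (mac, ip), h in result["hosts"].items():
        print(mac, ip, sorted(h["threats"]), sorted(h["dests"]),
              sorted(h["flags"]), h["packets"])
    for n in result["notes"]:
        print("note:", n)
```

Run it as-is to see the two hosts and the three notes; to use it on a real excerpt, replace SAMPLE_LOG with lines copied from the UTM's packet filter log. The RST check is the one that matters for the question in the post: the UTM only logged resets here, so the log excerpt alone does not show what, if anything, the servers sent to 74.116.84.123 before that.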