Massive ATP Alerts? AFCD/iptables IP 93.184.221.240

Almost all of our customer UTMs generated an ATP alert for IP address 93.184.221.240. It started around 16:00 (I received ~7 alert mails per UTM).

Was there a pattern update? False positive? Any info about that?


regards



  • Same here on our UTM.

    All started after the following:

    Installing up2date package: /var/up2date/aptp/u2d-aptp-9.32631-32632.patch.tgz.gpg

    Edit:

    Also getting the following IPs now:

    72.21.80.5 and 72.21.80.6

    192.229.254.5 and 192.229.254.6

  • I'm fairly sure this is related to Windows updates. I have 2 UTMs reporting the same
    Threat name....: C2/Generic-A

    My patterns are at 160216. I have 2 pending firmware updates.

    2019:04:04-16:02:27 h******er-utm named[4500]: rpz: client 192.168.*.5#52967 (ctldl.windowsupdate.com): view default: rpz IP NXDOMAIN rewrite cs11.wpc.v0cdn.net via 32.240.221.184.93.rpz-ip.rpz
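
The named[] line quoted above is a BIND response-policy-zone (RPZ) hit, and the part that explains the alert is the trigger name `32.240.221.184.93.rpz-ip.rpz`: RPZ address triggers are written as `<prefixlen>.<reversed octets>.rpz-ip.<zone>`, so this one decodes to 93.184.221.240/32, the address the queried update host's CDN CNAME (cs11.wpc.v0cdn.net) resolved to. That is why benign-looking Windows Update names show up under a C2 threat name: the match is on the answer address, not on the queried domain. The following script is an added example, not code from this thread, Sophos or the UTM; it parses lines of this shape, decodes IPv4 and IPv6 rpz-ip triggers, and groups queried names by the trigger that fired so a burst of alerts can be checked for the "many ordinary names, one blocked address" pattern. The sample log lines are constructed (hostname, client addresses and the QNAME-trigger line are made up; the CNAME target and trigger are the ones the post shows).

```python
"""Parse BIND 'rpz: ... rewrite ... via ...' log lines and decode the rpz-ip
trigger so an ATP/RPZ alert can be triaged by the address range that fired."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample lines in the shape of the named[] entry quoted in the thread.
# Hostname and client addresses are made up; the rewrite target and the
# 32.240.221.184.93.rpz-ip trigger are the ones the post shows. The third line
# is a made-up QNAME-trigger hit to show the other trigger kind.
SAMPLE_LOGS = [
    "2019:04:04-16:02:27 example-utm named[4500]: rpz: client 192.168.0.5#52967 "
    "(ctldl.windowsupdate.com): view default: rpz IP NXDOMAIN rewrite "
    "cs11.wpc.v0cdn.net via 32.240.221.184.93.rpz-ip.rpz",
    "2019:04:04-16:02:31 example-utm named[4500]: rpz: client 192.168.0.7#41022 "
    "(download.windowsupdate.com): view default: rpz IP NXDOMAIN rewrite "
    "cs11.wpc.v0cdn.net via 32.240.221.184.93.rpz-ip.rpz",
    "2019:04:04-16:05:10 example-utm named[4500]: rpz: client 192.168.0.9#50001 "
    "(bad.example): view default: rpz QNAME NXDOMAIN rewrite bad.example via "
    "bad.example.rpz",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) named\[\d+\]: rpz: client (?P<client>[^#\s]+)#\d+ "
    r"\((?P<qname>[^)]+)\): view (?P<view>\S+): rpz (?P<trigger>[A-Z-]+) "
    r"(?P<policy>\S+) rewrite (?P<rewritten>\S+) via (?P<via>\S+)$"
)


@dataclass
class RpzHit:
    timestamp: str
    host: str
    client: str
    qname: str        # name the client asked for
    trigger: str      # QNAME, IP, NSDNAME, NSIP or CLIENT-IP
    policy: str       # NXDOMAIN, NODATA, PASSTHRU, DROP, CNAME, ...
    rewritten: str    # name whose answer was rewritten (CNAME target for IP hits)
    via: str          # the RPZ record that matched
    blocked_network: Optional[Network]  # decoded from rpz-ip style triggers


def decode_rpz_ip(trigger: str) -> Network:
    """Decode '<prefixlen>.<reversed address>.rpz-ip.<zone>' into a network.
    IPv4 octets are reversed; IPv6 groups are reversed and '::' is written 'zz'."""
    labels = trigger.rstrip(".").split(".")
    for marker in ("rpz-ip", "rpz-nsip", "rpz-client-ip"):
        if marker in labels:
            labels = labels[: labels.index(marker)]
            break
    else:
        raise ValueError(f"not an RPZ address trigger: {trigger}")
    prefixlen, addr_labels = int(labels[0]), list(reversed(labels[1:]))
    if len(addr_labels) == 4 and all(l.isdigit() for l in addr_labels):
        addr = ".".join(addr_labels)
    else:
        addr = ":".join("" if l == "zz" else l for l in addr_labels)
        if addr == "":
            addr = "::"
        if addr.startswith(":") and not addr.startswith("::"):
            addr = ":" + addr
        if addr.endswith(":") and not addr.endswith("::"):
            addr += ":"
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def parse_rpz_line(line: str) -> Optional[RpzHit]:
    """Return an RpzHit for a named[] rpz log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    net = decode_rpz_ip(m["via"]) if m["trigger"] in ("IP", "NSIP", "CLIENT-IP") else None
    return RpzHit(m["ts"], m["host"], m["client"], m["qname"], m["trigger"],
                  m["policy"], m["rewritten"], m["via"], net)


def summarize_by_trigger(lines: List[str]) -> Dict[str, List[str]]:
    """Group queried names by the trigger that fired. One address key with many
    unrelated, well-known names under it is the shape of an address-list hit
    on shared CDN infrastructure rather than a per-domain detection."""
    groups = defaultdict(set)
    for line in lines:
        hit = parse_rpz_line(line)
        if hit is None:
            continue
        key = str(hit.blocked_network) if hit.blocked_network else f"{hit.trigger}:{hit.via}"
        groups[key].add(hit.qname)
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for key, names in summarize_by_trigger(SAMPLE_LOGS).items():
        print(f"{key}: {', '.join(names)}")
```

Run against a UTM's named log (grep for `rpz:`) instead of the constructed lines, and the grouping tells you whether every alert points at the same /32 and which client queries produced it; that is the evidence to compare against the pattern-update timing mentioned above before deciding the hit is a false positive.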
