This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Advanced threat protection

We recently got warning:

Advanced Threat Protection

A threat has been detected in your network
The source IP/host listed below was found to communicate with a potentially malicious site outside your company.

Details about the alert:

Threat name....: C2/ZAccess-A (SID: 31136)
Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~ZAccess-A.aspx
Time...........:
Traffic blocked: yes

Source IP address or host: malware-hunter.census.shodan.io

How can we identify source host, because it seems renamed to somehing like malware-hunter.census.shodan.io. It's on UTM9 appliance.

This thread was automatically locked due to age.

Parents

0 BAlfson over 4 years ago

Labas Bryan and welcome to the UTM Community!

That's too little information for us to e able to help you. Please show us the corresponding line from the Intrusion Prevention log. If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51. That lets us see immediately which IPs are local and which are identical.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 4 years ago

Labas Bryan and welcome to the UTM Community!

That's too little information for us to e able to help you. Please show us the corresponding line from the Intrusion Prevention log. If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51. That lets us see immediately which IPs are local and which are identical.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data