In the last weeks I have had a massive spike in usage on a UTM with v. 9.711-5 - the WAN interface has received 1 TB from just one IP.
What is very different with this behavior was that the traffic was not originated from or to any networks. Both firewalls in the HA have been restarted to no effect.
I created a tcpdump from the active UTM to investigate and found out that it was a104-121-237-248.deploy.static.akamaitechnologies.com (104.121.237.248) causing the massive download, and they are related to Sophos Up2Date.
I then disabled auto download of Up2Date, to discover that the traffic just stopped.
"audld.plx --trigger --verbose" says no packages, but the interface on the UTM does not agree; it says:
Current pattern version: 209466
Latest available pattern version: 209468
Does anyone have a clue what is wrong? :)