Malicious?

Hi There,

 

Just saw this on our Web Protection > Top Users By Traffic

Any idea why it is showing a long string of lines or possibly a domain instead of an IP?

Is this a compromised machine?

Is this something that they're trying to access?

Is this the user being on a VPN?

This thread was automatically locked due to age.
  • Well, we have a few internal VLANs, including the 172.16.0.0 network, which you can see in the first image.

    We have internal corporate, IT, management, and four student VLANs (different courses).

    We have a DNS/DHCP server for corporate and none for student. The DHCP for student is being handled by the firewall, and there is no reverse lookup, as you can see.

    I was under the impression that it only shows internal IP addresses, and that if something like this shows up, the machine is compromised.

  • I asked about 'Allowed Networks' because I wanted to confirm that you had nothing in there that would open you to an external client.  This would include the Default Profile and any other Web Filtering Profile(s) that you have defined.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA