Is there an effective way to detect and/or block crypto mining related traffic going in/out through a UTM gateway?
We are already using some Application Control rules for some project networks to block file transfer related traffic.
There is no obvious Category or Application entry related to crypto mining traffic, so I wonder if these lists (categories/applications) can be extended with some custom entries, or if there would be another way to check if an endpoint is potentially mining.
According to an article:
https://www.cloudsavvyit.com/15087/how-to-detect-and-defeat-cryptominers-in-your-network
filtering requests to:
- *xmr.*
- *pool.com
- *pool.org
- pool.*
should reveal the majority of connections related to cryptominers.
What would be the most efficient setup to log such requests and block them later in a second step?
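
A log-only first pass over the four hostname patterns listed in the post, as an added example that is not part of the original post: it counts matches per client so that false positives (for instance `pool.ntp.org`, which matches `pool.*`) can be reviewed before any block rule is enabled. The log line layout, the allowlist and all sample hostnames are constructed assumptions, not a UTM log format.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Hostname globs quoted in the post above.
MINER_GLOBS = ["*xmr.*", "*pool.com", "*pool.org", "pool.*"]
# Assumption: hosts reviewed and accepted during the log-only phase.
ALLOWLIST = {"pool.ntp.org"}

# Constructed sample lines: "<timestamp> <client_ip> <hostname>".
# Not a real gateway log format; adapt parse_line() to the actual export.
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.5.21 xmr.miner.example
2024-01-10T09:00:04 10.0.5.21 XMR.miner.example
2024-01-10T09:00:09 10.0.5.34 pool.ntp.org
2024-01-10T09:01:12 10.0.7.8 www.example.com
2024-01-10T09:02:30 10.0.7.8 eu.sample-pool.org
malformed line
2024-01-10T09:03:00 10.0.9.2 sample-carpool.com
"""

def match_glob(hostname):
    """Return the first glob the hostname matches, or None."""
    host = hostname.lower().rstrip(".")
    for glob in MINER_GLOBS:
        if fnmatchcase(host, glob):
            return glob
    return None

def parse_line(line):
    """Return (client_ip, hostname), or None for lines that do not parse."""
    parts = line.split()
    return (parts[1], parts[2]) if len(parts) == 3 else None

def review(log_text, allowlist=ALLOWLIST):
    """Count suspicious hostnames per client without blocking anything."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the run
        client, host = parsed
        host = host.lower().rstrip(".")
        if host in allowlist or match_glob(host) is None:
            continue
        hits[client][host] += 1
    return {client: dict(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in sorted(review(SAMPLE_LOG).items()):
        print(client, hosts)
```

The `sample-carpool.com` hit shows why the patterns need a review phase: the suffix globs match any hostname ending in `pool.com` or `pool.org`, mining-related or not.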