Advanced Threat Detection flagging Akamai

Hi, on 9.707, 

e13678.dspb.akamaiedge.net was flagged by the ATP system tonight:

2021:08:28-19:50:28 fw named[5536]: rpz: client 192.168.1.3#57698 (e13678.dscb.akamaiedge.net): view default: rpz QNAME NXDOMAIN rewrite e13678.dscb.akamaiedge.net via e13678.dscb.akamaiedge.net

Since Akamai is normally considered a trustworthy CDN, I need more information. What is the reason the traffic is suspicious?

Thanks,
Barry

(home user and commercial customer)

  • The bad pattern was corrected in under 11 hours.  Such notifications started coming in on 8/28 at about 11 PM EDT (UTC-0400) from about 10 client UTMs and stopped about 10 AM EDT the next day.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA