What does this line from ATP protocol tell me?

We have had an ATP alert at one of our sites, so I went back a bit in history and found other, older alerts.

Looking at this line, I don't quite understand what this guy is trying to do.

2021:09:16-08:44:20 ssl2 named[4924]: rpz: client @0xcc6a710 172.28.2.131#52987 (ww7.pmdtc.org): view default: rpz IP NXDOMAIN rewrite 72450.bodis.com via 32.153.242.59.199.rpz-ip.rpz

Thanks for any hint.

  • I'm no BIND guru, Philipp, but if you Google NXDOMAIN rewrite, you'll find information about this.

    Just curious, what did the ATP alert look like?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
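
Added example, not part of the original thread: a small Python parser for the `named` RPZ rewrite line quoted in the question, which also decodes the `rpz-ip` owner name back into the address the policy zone triggered on. The function names and the regular expression are this example's own; only the log line comes from the post.

```python
import ipaddress
import re

# Log line quoted in the question above (BIND "named" RPZ logging on the UTM).
SAMPLE = ("2021:09:16-08:44:20 ssl2 named[4924]: rpz: client @0xcc6a710 "
          "172.28.2.131#52987 (ww7.pmdtc.org): view default: rpz IP NXDOMAIN "
          "rewrite 72450.bodis.com via 32.153.242.59.199.rpz-ip.rpz")

RPZ_RE = re.compile(
    r"rpz: client (?:@\S+ )?(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]+)\): (?:view (?P<view>\S+): )?"
    r"rpz (?P<trigger_type>\S+) (?P<policy>\S+) rewrite (?P<rewritten>\S+) "
    r"via (?P<owner>\S+)")


def decode_rpz_ip(owner):
    """Decode an IPv4 rpz-ip owner name (prefixlen.B4.B3.B2.B1.rpz-ip.<zone>,
    octets in reverse order) into (network, zone). Returns None for other
    trigger kinds and for the IPv6 form, which is not handled here."""
    labels = owner.rstrip(".").split(".")
    if "rpz-ip" not in labels:
        return None
    i = labels.index("rpz-ip")
    head, zone = labels[:i], ".".join(labels[i + 1:])
    if len(head) != 5 or not all(label.isdigit() for label in head):
        return None
    prefix, octets = head[0], reversed(head[1:])
    try:
        net = ipaddress.ip_network(".".join(octets) + "/" + prefix, strict=False)
    except ValueError:  # octet > 255 or prefix length > 32
        return None
    return net, zone


def parse_rpz_line(line):
    """Return a dict of the fields in a named RPZ rewrite line, or None."""
    m = RPZ_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    decoded = decode_rpz_ip(rec["owner"])
    rec["trigger_net"], rec["zone"] = decoded if decoded else (None, None)
    return rec


if __name__ == "__main__":
    for key, value in parse_rpz_line(SAMPLE).items():
        print(f"{key:13} {value}")
```

For the quoted line this gives client 172.28.2.131, queried name ww7.pmdtc.org, trigger type IP, policy NXDOMAIN, rewritten name 72450.bodis.com, and trigger network 199.59.242.153/32 in the policy zone `rpz`. In other words, the answer for that lookup contained an address listed in the response policy zone, so the resolver returned NXDOMAIN to the internal client instead.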