Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 40 replies
  • Answers 4 answers
  • Subscribers 22 subscribers
  • Views 281535 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

C2/Generic-A Originating from AFCd?

JohnRiley
over 4 years ago

Hi everyone, looks like I have a similar situation to a few people.

NO Windows machines on the network, just OSX and Linux (QNAP).   Woke up to over 1400 emails regarding ATP C2/Generic-A.   But the originiating seems to be from AFCd?  Any idea what this is?

Googling has given me no ideas.    Any ideas anyone?



This thread was automatically locked due to age.
Parents
  • 0 over 4 years ago

    Hi all,


    same thing here on Sunday Morning

    2016:03:20-03:48:01 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.226" dstip="my public ip 2" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="aTic4b059350.app.anmorencai.com" url="-" action="drop"
    2016:03:20-04:30:17 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.227" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="MsVW95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-05:28:02 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.225" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="rlSd95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-06:26:19 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.224" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="RETV95f9ed2e.app.anmorencai.com" url="-" action="drop"


    I am curious what this is. Seems to go to all our public interfaces.

    Regards

    Jan

Reply
  • 0 over 4 years ago

    Hi all,


    same thing here on Sunday Morning

    2016:03:20-03:48:01 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.226" dstip="my public ip 2" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="aTic4b059350.app.anmorencai.com" url="-" action="drop"
    2016:03:20-04:30:17 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.227" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="MsVW95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-05:28:02 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.225" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="rlSd95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-06:26:19 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.224" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="RETV95f9ed2e.app.anmorencai.com" url="-" action="drop"


    I am curious what this is. Seems to go to all our public interfaces.

    Regards

    Jan

Children
No Data
Unfiltered HTML