Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

C2/Generic-A Originating from AFCd?

Hi everyone, looks like I have a similar situation to a few people.

NO Windows machines on the network, just OSX and Linux (QNAP).   Woke up to over 1400 emails regarding ATP C2/Generic-A.   But the originiating seems to be from AFCd?  Any idea what this is?

Googling has given me no ideas.    Any ideas anyone?



This thread was automatically locked due to age.
Parents
  • Hi all,


    same thing here on Sunday Morning

    2016:03:20-03:48:01 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.226" dstip="my public ip 2" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="aTic4b059350.app.anmorencai.com" url="-" action="drop"
    2016:03:20-04:30:17 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.227" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="MsVW95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-05:28:02 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.225" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="rlSd95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-06:26:19 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.224" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="RETV95f9ed2e.app.anmorencai.com" url="-" action="drop"


    I am curious what this is. Seems to go to all our public interfaces.

    Regards

    Jan

Reply
  • Hi all,


    same thing here on Sunday Morning

    2016:03:20-03:48:01 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.226" dstip="my public ip 2" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="aTic4b059350.app.anmorencai.com" url="-" action="drop"
    2016:03:20-04:30:17 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.227" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="MsVW95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-05:28:02 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="218.60.112.225" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="rlSd95f9ed2e.app.anmorencai.com" url="-" action="drop"
    2016:03:20-06:26:19 asg01-2 afcd[5870]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="180.97.161.224" dstip="my public ip 1" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="RETV95f9ed2e.app.anmorencai.com" url="-" action="drop"


    I am curious what this is. Seems to go to all our public interfaces.

    Regards

    Jan

Children
No Data