
ATP detected C2/Generic-A on my network?

Been running UTM home for a few months and never had any ATP alerts, until today.

Got an email alert, checked the ATP logs and saw this entry:

2015:05:08-20:32:40 dellutm afcd[18853]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="23.94.38.206" dstip="" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="315.sytes.net" url="-" action="drop" 

Now the email alert pointed me to the following Sophos info page:

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx

Which mentions:

Identify the compromised machine. The IP address of the machine attempting to connect to the C&C server will be visible within the alert.

I don't see what IP on my network tried to access the C&C server.
Based on the log, the src IP is external to my network, trying to access...

Not sure, but I presume a random attempt from the internet to gain access perhaps?

I don't have any Windows computers on my network... all Apple devices, BlackBerry...
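As an added example (not from the original post, nor Sophos code), a small Python parser for the afcd key="value" line quoted above: it reports which side of the entry, if any, is an RFC 1918 address, which is the field the Sophos page tells you to look for. The second entry is constructed to show what the alert looks like when a LAN device is the one reaching out.

```python
import ipaddress
import re

# The ATP entry quoted in the post above (Sophos UTM afcd key="value" format).
POST_LOG_LINE = (
    '2015:05:08-20:32:40 dellutm afcd[18853]: id="2022" severity="warn" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped (ATP)" srcip="23.94.38.206" dstip="" '
    'fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" '
    'host="315.sytes.net" url="-" action="drop"'
)
# Constructed contrast case (not from the page): the same alert as it would look
# when a LAN device is the one contacting the flagged host.
CONSTRUCTED_OUTBOUND = (
    '2015:05:08-21:00:00 dellutm afcd[18853]: id="2022" severity="warn" sys="SecureNet" '
    'sub="packetfilter" name="Packet dropped (ATP)" srcip="192.168.1.23" dstip="198.51.100.7" '
    'fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" '
    'host="c2.example.invalid" url="-" action="drop"'
)

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_atp_entry(line: str) -> dict:
    """Split a UTM afcd line into its key="value" fields; empty values stay ''."""
    return dict(FIELD_RE.findall(line))

def is_internal(addr: str) -> bool:
    """True only for an RFC 1918 address; '' or an unparsable value is False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def find_internal_endpoint(fields: dict):
    """Return the LAN-side address named in the entry, or None if neither side is internal."""
    for key in ("srcip", "dstip"):
        if is_internal(fields.get(key, "")):
            return fields[key]
    return None

def describe(line: str) -> str:
    f = parse_atp_entry(line)
    internal = find_internal_endpoint(f)
    if internal is None:
        return (f"{f['threatname']}: no internal address present (srcip={f['srcip'] or '-'}, "
                f"dstip={f['dstip'] or '-'}); inbound traffic from the internet was dropped")
    return f"{f['threatname']}: internal host {internal} reached out to {f['host']}; examine that device"
```

Calling describe(POST_LOG_LINE) reports that the quoted entry names no internal address at all, while describe(CONSTRUCTED_OUTBOUND) points at 192.168.1.23 as the device to examine.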
