We have the admin login only allowing logins from our HQ (IP limited). Yet, they have all been compromised?
I looked at this:
Affected firewalls have been observed communicating with the following list of unauthorized hosts. Add all the following domains (these are not Sophos domain properties) as DNS host entries and define the IP address as 52.214.97.178 (a Sophos property which will eliminate the unauthorized traffic):
And found that some of our desktops were communicating with some of these addresses as early as the 4th of April.
Seems abnormal to me. Did XG leak from WAN to make it to our desktops?
A quick response, please.
Also, is this normal?
C:\ping www.sophosproductupdate.com
Pinging sophosproductupdate.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
There's no entry in the hosts file for sure. How could this resolve to local?
Paul Jr