Sophos Central Event Details
What happened: An attempt to communicate with a botnet or command and control server has been detected.
Where it happened: Serial Number of Firewall
User associated with device: n/a
How severe it is: Medium
What Sophos has done so far: Sophos has logged details about the event, and notified administrators.
What you need to do: XG Firewall has detected and possibly blocked this traffic. It is recommended that you configure the firewall to block these events if it is not already configured to do so. Under Advanced threat menu, check that the policy is set to "Log and Drop". If it is already set to drop these events, then no further action is needed.
I got the above alert in Sophos Central and figured I would post in both spots. Really odd: there is nothing in the Central logs other than what is listed above. Anyone know how to get more information on this, other than going through every blocked packet in the logs?
I am thinking it may be a smartphone on the wireless that the firewall simply blocked; it is isolated from the LAN.