Hallo,
die Advanced Threat Protection meiner UTM meldete mir heute
folgendes für zwei meiner Server:
A threat has been detected in your network
The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:
Threat name....: C2/Generic-A
Details........: C2/Generic-A - Viruses and Spyware - Web Threat, Virus and Spyware Detection and Removal | Sophos - Threat Center - Cloud Antivirus, Endpoint, UTM, Encryption, Mobile, DLP, Server, Web, Wireless Security, Network Storage and Next-Gen Firewall Solutio
Traffic blocked: yes
Auszüge aus den Logs
hostfw ulogd[4651]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" threatname="C2/Generic-A" srcmac="0:c:29:70:5c:74" dstmac="0:c:29[:D]4:1d:1d" srcip="5.9.105.217" dstip="74.116.84.123" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="51652" dstport="80" tcpflags="RST"
hostfw ulogd[4651]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth1" threatname="C2/Generic-A" srcmac="0:c:29:37:30:e1" dstmac="0:c:29[:D]4:1d:1d" srcip="5.9.105.217" dstip="74.116.84.123" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="18792" dstport="80" tcpflags="RST"
Allerdings sind beide Server Linux-basierend, ein False/Positiv?
Wäre über eure Meinungen dankbar.
VG - DasBill
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
