
Advanced Threat Detection flagging Akamai

Hi, on 9.707, e13678.dspb.akamaiedge.net was flagged by the ATP system tonight:

2021:08:28-19:50:28 fw named[5536]: rpz: client 192.168.1.3#57698 (e13678.dscb.akamaiedge.net): view default: rpz QNAME NXDOMAIN rewrite e13678.dscb.akamaiedge.net via e13678.dscb.akamaiedge.net

Since Akamai is normally considered a trustworthy CDN, I need more information. What is the reason the traffic is suspicious?

Thanks,
Barry

(home user and commercial customer)




  • The bad pattern was corrected in under 11 hours.  Such notifications started coming in on 8/28 at about 11 PM EDT (UTC-0400) from about 10 client UTMs and stopped about 10 AM EDT the next day.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA