This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

An attempt to communicate with a botnet or command and control server has been detected

I'm getting this alert very frequently on Sophos Central.

I can see the destination IP is a malicious one according to malwarebytes.

The source IP is of a QNAP NAS - so i'm not sure how to proceed. I'm currently right click scanning all of the files on the NAS - but i did check this before and nothing came back. Is there any other options? Can i install Sophos onto a QNAP NAS?

Thanks for any advice

This thread was automatically locked due to age.

BAlfson over 3 years ago

Hi Mitchell,

Interesting, the canonical name for 185.157.160.147 is 185-157-160-147.pool.ovpn.com. I wonder if that device doesn't have malware that's attempting to establish a connection to an OpenVPN anonymous proxy service. or, is that normal for a QNAP NAS?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel