Hi,
last night I got the following warning:
Details about the alert:
Threat name....: C2/Generic-A
Details........: C2/Generic-A - Viruses and Spyware - Web Threat, Virus and Spyware Detection and Removal | Sophos - Threat Center - Cloud Antivirus, Endpoint, UTM, Encryption, Mobile, DLP, Server, Web, Wireless Security, Network Storage and Next-Gen Firewall Solution
Time...........: 2015-01-29 21:12:18
Traffic blocked: yes
Internal source IP address or host: 93.174.93.61
--
HA Status : HA MASTER (node id: 1)
System Uptime : 9 days 20 hours 31 minutes
System Load : 0.14
System Version : Sophos UTM 9.306-6
Please refer to the manual for detailed instructions.
The send limit for this notification has been reached. No further notifications of this type will be sent during this period.
Besides the fact that this was a false positive, I noticed one other thing.
it states:
Internal source IP address or host: 93.174.93.61
But this IP isn't an internal address. Any idea why UTM does report it in this way? Why is an external request reported as botnet traffic?
This thread was automatically locked due to age.
