
Can someone please explain or reproduce this?

Hello all,

following situation:

ATP and IPS enabled
On a client PC -> open cmd prompt -> ping commonname.com
(answer: host could not be resolved)

ATP Alert:

16:07:25  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer01IP) →  193.247.204.1      drop 
16:07:26  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer02IP) →  193.247.204.1      drop 
16:07:29  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer02IP)  →  193.5.23.1      drop 
16:07:29  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer01IP)  →  193.5.23.1      drop 
16:07:33  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer02IP)  →  164.128.36.34      drop 
16:07:33  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer01IP)  →  164.128.36.34      drop

The Internet IPs are the DNS forwarders of our ISP.

UTM Release 9.307-6

Thanks a lot :-)


  • So, I had to try it for 'testing' purposes...

    Live Log: Advanced Threat Protection

    12:26:18  DNS  Troj/Dluca-BM  172.18.0.13  →  commonname.com  drop


    UTM shows this as "Botnet/Command and control traffic detected".

    The client doesn't show anything recorded.

    My guess of course, is that this is a false positive, or some type of similar issue.
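The two posts above show the same detection from two vantage points: in the first, the flagged sources are the internal DNS servers and the flagged destinations are the ISP's forwarders; in the second, the flagged source is the client itself and the destination is the queried name. A quick triage step for this kind of alert is to parse the ATP log lines and check whether every flagged flow is a known resolver talking to a configured upstream forwarder, which is exactly the pattern you would expect from an ordinary (if category-flagged) lookup rather than from an infected host. The script below is an added example written for this thread, not code from Sophos or from either poster; the log lines are constructed copies of the format shown above, the forwarder addresses are the three that the first post names, and the internal resolver names are the post's own placeholders, which is an assumption about what the real configuration contains.

```python
import re
from collections import defaultdict

# Constructed sample input mirroring the ATP alert lines quoted in the thread.
# The "(internalDNSServerNNIP)" tokens are the original poster's placeholders,
# kept as-is rather than replaced with real addresses.
SAMPLE_ATP_LINES = """\
16:07:25  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer01IP) →  193.247.204.1      drop
16:07:26  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer02IP) →  193.247.204.1      drop
16:07:29  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer02IP)  →  193.5.23.1      drop
16:07:33  AFCd  UDP  Troj/Dluca-BM  (internalDNSServer01IP)  →  164.128.36.34      drop
12:26:18  DNS  Troj/Dluca-BM  172.18.0.13  →  commonname.com      drop
"""

# Assumed configuration: the ISP forwarders named in the thread and the
# internal resolvers (placeholder names) that forward to them.
KNOWN_ISP_FORWARDERS = {"193.247.204.1", "193.5.23.1", "164.128.36.34"}
INTERNAL_RESOLVERS = {"internalDNSServer01IP", "internalDNSServer02IP"}

# One ATP alert line: time, component, optional transport, threat name,
# source, arrow, destination, action. The transport column is absent on
# the "DNS" component lines, so it is optional here.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<component>\S+)\s+"
    r"(?:(?P<proto>UDP|TCP)\s+)?"
    r"(?P<threat>\S+)\s+"
    r"(?P<src>\S+)\s+→\s+"
    r"(?P<dst>\S+)\s+"
    r"(?P<action>\w+)\s*$"
)


def parse_atp_line(line):
    """Return a dict of fields for one alert line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The thread wraps placeholder sources in parentheses; strip them.
    rec["src"] = rec["src"].strip("()")
    return rec


def parse_atp_log(text):
    """Parse every matching line of an ATP live-log excerpt."""
    return [r for r in (parse_atp_line(l) for l in text.splitlines()) if r]


def triage(records, internal_resolvers, known_forwarders):
    """Group alerts by what the flow actually is.

    resolver-forwarding : internal resolver -> configured ISP forwarder
                          (the resolver's own upstream query; consistent with
                          a category hit on the looked-up name, not malware)
    resolver-to-unknown : internal resolver -> a destination that is not a
                          configured forwarder (worth a closer look)
    client-direct       : anything else, e.g. the client's own DNS request
    """
    groups = defaultdict(list)
    for r in records:
        if r["src"] in internal_resolvers and r["dst"] in known_forwarders:
            verdict = "resolver-forwarding"
        elif r["src"] in internal_resolvers:
            verdict = "resolver-to-unknown"
        else:
            verdict = "client-direct"
        groups[verdict].append((r["time"], r["src"], r["dst"], r["threat"]))
    return dict(groups)


def distinct_threats(records):
    """Set of threat names seen, to confirm every alert is the same signature."""
    return {r["threat"] for r in records}


if __name__ == "__main__":
    recs = parse_atp_log(SAMPLE_ATP_LINES)
    for verdict, flows in triage(recs, INTERNAL_RESOLVERS, KNOWN_ISP_FORWARDERS).items():
        print(f"{verdict}: {len(flows)} alert(s)")
        for t, s, d, threat in flows:
            print(f"  {t}  {s} -> {d}  [{threat}]")
    print("threat names seen:", sorted(distinct_threats(recs)))
```

If every alert lands in `resolver-forwarding` or `client-direct` for the one name you just pinged, and all carry the same signature, the evidence matches a signature hit on the looked-up name rather than C2 traffic from the host; the `resolver-to-unknown` bucket is the one that would argue against the false-positive reading and deserves follow-up against the UTM's configured DNS forwarders.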