Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 39 replies
  • Subscribers 2 subscribers
  • Views 477534 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Advanced Threat Protection: Google DNS (8.8.8.8) false Positive

solae
Some one else see this in the ATM Log?

10.19.1.3 is a Monitoring Server pinging 8.8.8.8 for Internet Referenc.


This thread was automatically locked due to age.
Parents
  • 0
    Hi All,

    I've just received a load of alerts from our Sophos UTM regarding C2/Generic-A C&C connections from two of our servers, directed at 8.8.8.8 (Google DNS) on DNS port UDP 53.

    Has anyone else received this? It screams false positive to me.

    The alerts were specifically about our two internal DNS servers, which forward requests on to 8.8.8.8 and 8.8.4.4.

    http://i.imgur.com/FJR4iSY.png (sorry for high resolution!)
Reply
  • 0
    Hi All,

    I've just received a load of alerts from our Sophos UTM regarding C2/Generic-A C&C connections from two of our servers, directed at 8.8.8.8 (Google DNS) on DNS port UDP 53.

    Has anyone else received this? It screams false positive to me.

    The alerts were specifically about our two internal DNS servers, which forward requests on to 8.8.8.8 and 8.8.4.4.

    http://i.imgur.com/FJR4iSY.png (sorry for high resolution!)
Children
No Data