Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 39 replies
  • Subscribers 2 subscribers
  • Views 477534 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Advanced Threat Protection: Google DNS (8.8.8.8) false Positive

solae
Some one else see this in the ATM Log?

10.19.1.3 is a Monitoring Server pinging 8.8.8.8 for Internet Referenc.


This thread was automatically locked due to age.
Parents
  • 0
    I received 4 alerts today from our remote site for C23/Generic-A where the destination is 8.8.8.8 (Google DNS).  Could that be anything other than a false positive? 


    Source IP;"Dest. IP";Threat;Origin;"First Seen";"Src. Hosts";Events

    10.128.0.5;8.8.8.8;C2/Generic-A;Iptables;"2015-04-30 21:56:15";1;6

    10.128.0.6;8.8.8.8;C2/Generic-A;Iptables;"2015-04-30 21:56:15";1;6

    172.16.128.5;8.8.8.8;C2/Generic-A;Iptables;"2015-04-30 22:06:13";1;3

    172.16.128.4;8.8.8.8;C2/Generic-A;Iptables;"2015-04-30 21:57:31";1;1
  • 0 in reply to JaredM
    Ah, well, I see I am not alone.
Reply Children
  • 0 in reply to JaredM
    Saludos

    Antes de esto tuve transito masivo por mi DNS esto esta relacionado con ello, tengo varias maquinas que hacen estos llamados, alguien sabe que sucede.
    Gracias

    regards

    Before this I had my DNS mass transit, this is related to this, I have several machines that make these calls, anyone knows what happens.
    thanks