Antes de esto tuve transito masivo por mi DNS esto esta relacionado con ello, tengo varias maquinas que hacen estos llamados, alguien sabe que sucede.
Gracias
regards
Before this I had my DNS mass transit, this is related to this, I have several machines that make these calls, anyone knows what happens.
thanks
I have a few different installations that all seemed to get a similar alert at around the same time...
My understanding however is it is not necessarily the access to the 8.8.8.8 server that the alert is about, but the request made to that server for a particular address that is a malicious site. I wish the log file had more info to that respect. Does that sound right Mr. Klassen? If it were about requests to the 8.8.8.8 server itself there would be a magnitude more alerts instead of the 1 or 2 I've gotten... It seems more like a timed launch of a virus that triggered on several widespread systems...
Let me know if this sounds right or not...
Man, it's good to hear that others are having the same problem. Today at 14:49CDT, my APT detector was going crazy! When I saw problems on every device in my house ranging from Nest devices, to iPhones, to DirecTV boxes, I was quite alarmed. My logs weren't telling me much that I can tell. In the end I had 16 devices. The storm ended at 17:04CDT for me. My network was saturated.
every Device using google DNS makes this Alert. i have 2000x alerts in ATP [:)]
So even my Fortimail and Fortigate sitting behind Sophos generatin those Alerts.
So it must be False Positive, Sophos is just such a poor Product. Fortigate is a way way waaaaaay better than Sophos.
i do and i will always recommend all the customers i am working for NOT TO USE this poor Product.
Man, it's good to hear that others are having the same problem. Today at 14:49CDT, my APT detector was going crazy! When I saw problems on every device in my house ranging from Nest devices, to iPhones, to DirecTV boxes, I was quite alarmed. My logs weren't telling me much that I can tell. In the end I had 16 devices. The storm ended at 17:04CDT for me. My network was saturated.
Hi guys, sorry to jump on an old thread but I am seeing this today also. All the clients are linux boxes but what I dont understand is what the issue is. It looks like the firewall is detecting DNS lookups on the Google public DNS server 8.8.8.8 as a threat? Is this a false positive or should I be worried?
Similar problem last night from one of my client's UTM (9.211). I know that at least one of the IP listed is Windows (server), so it is not Linux related.
