Advanced Threat Protection

Hello,

In the last couple of days I started receiving emails from my Sophos UTM (Firmware version 9.350-12):

A threat has been detected in your network. The source IP/host listed below was found to communicate with a potentially malicious site outside your company.

Details about the alert:

Threat name....: C2/Generic-A

Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx

Time...........: 2016-03-20 06:41:17

Traffic blocked: yes

Source IP address or host: 218.60.112.225

Every email includes a different IP address, but it is not in my LAN network. How can I find the problematic machine (IP) on my local network?



  • Does anyone experiencing this happen to have public IPs, "Any", or "Internet" listed under Network Services > DNS > Global > Allowed Networks?

    The DNS proxy is not designed to be left openly internet facing, and if anyone is doing so, they are almost certainly being used as a proxy for DNS reflection attacks. If that's what's happening here, it seems the target of this particular attack is also something we detect via ATP.

    -Alan
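One way to triage the alert mails along the lines Alan describes, as an added example that is not from this thread or from Sophos: parse the alert format shown in the original post and separate sources that sit inside the LAN (hosts worth investigating) from outside addresses (which, on a UTM whose DNS proxy is reachable from the internet, point at the reflection scenario rather than an infected client). The LAN ranges and the sample alert bodies are constructed assumptions, not real data.

```python
import ipaddress
import re

# Constructed sample alert bodies in the layout the UTM mails out (the
# original post shows one); the addresses below are documentation ranges.
SAMPLE_ALERTS = [
    """Threat name....: C2/Generic-A
Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx
Time...........: 2016-03-20 06:41:17
Traffic blocked: yes
Source IP address or host: 203.0.113.25""",
    """Threat name....: C2/Generic-A
Time...........: 2016-03-20 07:02:51
Traffic blocked: yes
Source IP address or host: 198.51.100.7""",
    """Threat name....: C2/Generic-A
Time...........: 2016-03-20 07:15:09
Traffic blocked: yes
Source IP address or host: 192.168.10.42""",
]

# Hypothetical LAN ranges; replace with the networks actually behind the UTM.
LAN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")]

# Labels are padded with dots up to the colon ("Threat name....:"), or not
# padded at all ("Traffic blocked:"), so allow any number of dots.
FIELD_RE = re.compile(
    r"^(Threat name|Time|Traffic blocked|Source IP address or host)\.*:\s*(.+)$",
    re.M)


def parse_alert(body):
    """Return the labelled fields of one ATP alert mail as a dict."""
    return {label: value.strip() for label, value in FIELD_RE.findall(body)}


def is_internal(ip, networks=LAN_NETWORKS):
    """True if the address falls inside one of the configured LAN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def triage(bodies, networks=LAN_NETWORKS):
    """Split alerts into (internal, external) lists by their source address.
    Internal sources are machines to look for on the LAN; a steady stream of
    external sources is the pattern of an internet-facing DNS proxy being
    used as a reflector, so the fix is the Allowed Networks setting."""
    internal, external = [], []
    for body in bodies:
        alert = parse_alert(body)
        src = alert["Source IP address or host"]
        (internal if is_internal(src, networks) else external).append(alert)
    return internal, external
```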

  • Alan,

    Thank you for your post. I am sure that at Sophos you have analyzed this behaviour. Could you share the analysis output with the community?

    This will eliminate the need to contact Support.

    Thanks.
