
ATP reporting source as external address

Can someone suggest why the ATP would report an infection coming from an external address?

Thanks



  • I'm getting the same symptoms from that same source on a UTM running firmware 9.406-3.  The aptp log shows it is protocol 6 (TCP) so this is probably unrelated to the previous UDP bug.  The source IP is in Saint Petersburg, Russia, which is not on my LAN.

    2016:10:26-10:33:01 xxxx afcd[31823]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="195.62.53.168" dstip="xxx.xxx.xxx.xxx" fwrule="63001" proto="6" threatname="C2/Generic-A" status="1" host="lock.bz" url="" action="drop"


  • Same here, 2 times this morning with our http reverse proxy as destination:

    2016:10:27-06:50:12 cerberus afcd[14899]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="195.62.53.168" dstip="<REVERSE_PROXY_LAN_IP_ADDR>" fwrule="63001" proto="6" threatname="C2/Generic-A" status="1" host="lock.bz" url="" action="drop"
    2016:10:27-09:06:51 cerberus afcd[31684]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="195.62.53.168" dstip="<REVERSE_PROXY_LAN_IP_ADDR>" fwrule="63001" proto="6" threatname="C2/Generic-A" status="1" host="lock.bz" url="" action="drop"
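A triage helper for these afcd entries, added here as an example and not code from the thread or from Sophos: it parses the key="value" fields and the 2016:10:26-10:33:01 timestamp format, then labels each drop by direction, which is what separates an internal host reaching out to a C2 address (the case to investigate as an infection) from an external address hitting an exposed service such as the reverse proxy above. It assumes internal hosts use RFC 1918 addresses and treats masked values like xxx.xxx.xxx.xxx as unknown; the sample lines are constructed, with only the source address and signature taken from the posts.

```python
import re
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample entries modelled on the afcd "Packet dropped (ATP)" lines in this thread;
# the internal addresses are made up, and the third line keeps a masked dstip as posted.
SAMPLE_LOG = """\
2016:10:26-10:33:01 utm1 afcd[31823]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="195.62.53.168" dstip="10.0.0.5" fwrule="63001" proto="6" threatname="C2/Generic-A" status="1" host="lock.bz" url="" action="drop"
2016:10:26-11:02:17 utm1 afcd[31823]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="192.168.1.20" dstip="195.62.53.168" fwrule="63001" proto="6" threatname="C2/Generic-A" status="1" host="lock.bz" url="" action="drop"
2016:10:27-06:50:12 cerberus afcd[14899]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="195.62.53.168" dstip="<REVERSE_PROXY_LAN_IP_ADDR>" fwrule="63001" proto="6" threatname="C2/Generic-A" status="1" host="lock.bz" url="" action="drop"
"""

HEADER_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (\S+) afcd\[(\d+)\]: (.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_atp_line(line):
    """Parse one afcd line into a dict; None if it is not an ATP drop (id 2022) entry."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group(4)))
    if fields.get("id") != "2022":
        return None
    fields["timestamp"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    fields["logger"], fields["pid"] = m.group(2), int(m.group(3))
    return fields

def _is_private(value):
    """True/False for a real address; None for masked values such as xxx.xxx.xxx.xxx."""
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return None

def classify_direction(fields):
    """outbound = internal host reaching out (triage as possible infection); inbound = external source hitting an internal/exposed host; unknown = masked address (assumption: RFC 1918 means internal)."""
    src, dst = _is_private(fields["srcip"]), _is_private(fields["dstip"])
    if src is None or dst is None:
        return "unknown"
    if src and not dst:
        return "outbound"
    if dst and not src:
        return "inbound"
    return "internal" if src else "external"

def summarize(log_text):
    """Count ATP drops per (direction, srcip, threatname) so repeated hits stand out."""
    parsed = filter(None, map(parse_atp_line, log_text.splitlines()))
    return Counter((classify_direction(f), f["srcip"], f["threatname"]) for f in parsed)
```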
    