Empire strikes back, network security edition

Our network edge security provider never sleeps. Another day, another missive:

Dear XXX,

Kindly be informed that we are getting suspicious traffic from the below IPs to 8.8.8.8 and 8.8.4.4

The source IPs are: <bunch of internal IP addresses>

To our gentle inquiry about what kind of traffic they’re getting and what makes said traffic suspicious, we got the following response:

Dear XXX,

First we need to know from the customer if there is a legal traffic between the mentioned sources and destinations.

If it’s legal what kind of communication is this. And the rate of requests per second.

Based on that information we can provide you with more details.

Probably should write them back that these VMs are infected by the botnet called DNS.
