Empire strikes back, network security edition

Our network edge security provider never sleeps. Another day, another missive:

Dear XXX,

Kindly be informed that we are getting suspicious traffic from the below IPs to 8.8.8.8 and 8.8.4.4

The source IPs are : <bunch of internal IP addresses>

To our gentle inquiry about what kind of traffic they're getting and what makes said traffic suspicious, we got the following response:

Dear XXX,

First we need to know from the customer if there is a legal traffic between the mentioned sources and destinations.

If it’s legal what kind of communication is this. And the rate of requests per second.

Based on those information we can provide you with more details.

Probably should write them back that these VMs are infected by the botnet called DNS.
