botnet to 204.79.197.200 (Office 365)
Hi,
I'm seeing a few of the following messages in my security logs:
Message meets Alert condition
File Block Detected: Protocol: Source IP: 192.168.0.118 Destination IP: 204.79.197.200 Email Address From: Email Address To:
date=2016-10-21 time=10:37:30 devname=FG100D3G14811908 devid=FG100D3G14811908 logid=0202009248 type=utm subtype=virus eventtype=botnet level=warning vd="root" msg="Botnet C&C Communication." action=blocked sessionid=590954314 srcip=192.168.0.118 dstip=204.79.197.200 srcport=50318 dstport=80 srcintf="lan" dstintf="wan2" proto=6 direction=outgoing quarskip=No-skip virus="HW20161020" dtype="ip-reputation" ref="http://www.fortinet.com/be?bid=7630162" virusid=7630162 profile="default" user="" analyticssubmit=false crscore=50 crlevel=critical
Is there any additional information on this? The IP seems to be Microsoft edge services for Office 365 and Bing.
Seems like a false positive but wanted to see if anybody else has seen this one and has some insight.
I look forward to your reply.
Brandon
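
One way to triage entries like the one in the post, as an added example that is not part of the original post: it parses FortiGate key=value log lines and groups botnet events by destination, detection type and `virus` field, showing how many internal hosts trigger the same ip-reputation hit. The first sample line is the one from the post; the other two are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Line 1 is the log entry from the post. Lines 2 and 3 are constructed sample
# data: a second internal host hitting the same destination, and an unrelated
# traffic log that must be ignored.
SAMPLE_LOG = '''\
date=2016-10-21 time=10:37:30 devname=FG100D3G14811908 devid=FG100D3G14811908 logid=0202009248 type=utm subtype=virus eventtype=botnet level=warning vd="root" msg="Botnet C&C Communication." action=blocked sessionid=590954314 srcip=192.168.0.118 dstip=204.79.197.200 srcport=50318 dstport=80 srcintf="lan" dstintf="wan2" proto=6 direction=outgoing quarskip=No-skip virus="HW20161020" dtype="ip-reputation" ref="http://www.fortinet.com/be?bid=7630162" virusid=7630162 profile="default" user="" analyticssubmit=false crscore=50 crlevel=critical
date=2016-10-21 time=10:41:02 devname=FG100D3G14811908 logid=0202009248 type=utm subtype=virus eventtype=botnet level=warning msg="Botnet C&C Communication." action=blocked srcip=192.168.0.131 dstip=204.79.197.200 srcport=50977 dstport=80 proto=6 virus="HW20161020" dtype="ip-reputation"
date=2016-10-21 time=10:42:10 devname=FG100D3G14811908 type=traffic subtype=forward level=notice srcip=192.168.0.118 dstip=204.79.197.200 dstport=443 proto=6 action=close
'''

# A value is either a double-quoted string (may contain spaces, '=' or '?')
# or a run of non-space characters. Assumes quotes are not escaped inside values.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_line(line):
    """Return one log line as a dict, with surrounding quotes stripped."""
    return {k: v[1:-1] if v.startswith('"') else v
            for k, v in FIELD_RE.findall(line)}


def botnet_summary(lines):
    """Group eventtype=botnet records by (dstip, dstport, dtype, virus)."""
    groups = defaultdict(lambda: {"hits": 0, "sources": set(), "actions": set()})
    for line in lines:
        rec = parse_line(line)
        if rec.get("eventtype") != "botnet":
            continue  # skip traffic logs and other UTM events
        key = (rec.get("dstip"), rec.get("dstport"),
               rec.get("dtype"), rec.get("virus"))
        group = groups[key]
        group["hits"] += 1
        group["sources"].add(rec.get("srcip"))
        group["actions"].add(rec.get("action"))
    return dict(groups)


if __name__ == "__main__":
    for key, group in botnet_summary(SAMPLE_LOG.splitlines()).items():
        dstip, dstport, dtype, virus = key
        print(f"{dstip}:{dstport} dtype={dtype} virus={virus} "
              f"hits={group['hits']} sources={sorted(group['sources'])} "
              f"actions={sorted(group['actions'])}")
```
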
