Description |
This article describes how to troubleshoot the log event 'Domain was blocked by DNS botnet C&C' when it appears for a single user.
date=2023-07-07 time=11:19:48 eventtime=1688708989099213938 tz="+0530" logid="1501054601" type="utm" subtype="dns" eventtype="dns-response" level="warning" vd="root" policyid=1 poluuid="aed62bb4-9314-51ec-00f9-6830d58d92f8" policytype="policy" sessionid=18976445 srcip=192.168.90.23 srcport=64814 srccountry="Reserved" srcintf="lan" srcintfrole="lan" dstip=8.8.4.4 dstport=53 dstcountry="United States" dstintf="port4" dstintfrole="wan" proto=17 profile="Corporate DNS Policy" srcmac="d4:3d:7e:65:e4:d6" xid=24919 qname="survey-smiles.com" qtype="A" qtypeval=1 qclass="IN" ipaddr="208.91.112.55" msg="Domain was blocked by dns botnet C&C" action="redirect" botnetdomain="survey-smiles.com" |
Scope | FortiGate. |
Solution |
If a domain is observed to have been blocked by DNS botnet C&C, take the following steps to investigate and resolve the issue:
The UTM licenses are registered in https://support.fortinet.com.
|
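To confirm that the events really come from a single user before investigating that host, the log lines can be grouped by source. The following is an added example, not part of the original article or Fortinet tooling: it assumes the logs are available as text in the key=value format shown above, and the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# key=value pairs; a value is either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample: line 1 is the article's event trimmed to the fields used
# here; lines 2 and 3 are made up (a repeat query and an unrelated DNS log).
SAMPLE_LOGS = [
    'date=2023-07-07 time=11:19:48 logid="1501054601" type="utm" subtype="dns" '
    'srcip=192.168.90.23 srcmac="d4:3d:7e:65:e4:d6" qname="survey-smiles.com" '
    'msg="Domain was blocked by dns botnet C&C" action="redirect" '
    'botnetdomain="survey-smiles.com"',
    'date=2023-07-07 time=11:20:03 logid="1501054601" type="utm" subtype="dns" '
    'srcip=192.168.90.23 srcmac="d4:3d:7e:65:e4:d6" qname="survey-smiles.com" '
    'msg="Domain was blocked by dns botnet C&C" action="redirect" '
    'botnetdomain="survey-smiles.com"',
    'date=2023-07-07 time=11:20:10 type="utm" subtype="dns" '
    'srcip=192.168.90.40 qname="example.org" action="pass"',
]

def parse_line(line):
    """Turn one FortiGate key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}

def botnet_hits_by_source(lines):
    """Group DNS botnet C&C events by source IP, with MACs and domain counts."""
    hits = defaultdict(lambda: {"macs": set(), "domains": Counter()})
    for line in lines:
        fields = parse_line(line)
        # Only DNS filter logs that carry a botnetdomain field are botnet hits
        if fields.get("subtype") != "dns" or "botnetdomain" not in fields:
            continue
        entry = hits[fields.get("srcip", "unknown")]
        if "srcmac" in fields:
            entry["macs"].add(fields["srcmac"])
        entry["domains"][fields["botnetdomain"]] += 1
    return dict(hits)

def single_source(hits):
    """Return the source IP if exactly one host triggered the events, else None."""
    return next(iter(hits)) if len(hits) == 1 else None

if __name__ == "__main__":
    for ip, info in botnet_hits_by_source(SAMPLE_LOGS).items():
        print(ip, sorted(info["macs"]), dict(info["domains"]))
```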
Copyright 2024 Fortinet, Inc. All Rights Reserved.