Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bobm
New Contributor III

Created on ‎09-29-2014 06:53 PM

Google found unusual traffic

Today we started getting error messages from Google saying they detected " unusual traffic" from our network, and blocking our searches. I' ve done some research, and will be looking for malware, etc on the users' PCs, but also want to look at the traffic. We' re running a 60C with minimal features running (pretty much UTM only) due to memory issues. I' m going to enable IPS for a while tomorrow to see if anything hits, but wanted to know if anyone has run across this and had any ideas on what to look for in traffic logs (apps, UDP ports, etc) since Google doesn' t give any info on destination addresses, types of traffic, etc - just " unusual" .
4748
5 REPLIES 5
netmin
Contributor II

Created on ‎09-29-2014 11:08 PM

You could search for unusual google traffic/usage in your webfilter logs, robots on your network, etc. https://support.google.com/websearch/answer/86640?hl=en
1881
0 Kudos
bobm
New Contributor III

Created on ‎09-30-2014 06:13 AM

Thanks netmin, I had looked at that page, and reported the situation to Google as well. And virus scans this morning came up clean. But what I was wondering was if there was a particular signature to look for in the FGT logs - addresses, applications, UDP ports, etc. that would help me narrow down my search for the culprit. Other than just " who has the most outbound traffic" . Seems to be OK today though.
1881
0 Kudos
Istvan_Takacs_FTNT
Staff
Staff
In response to bobm

Created on ‎09-30-2014 01:19 PM

" unusual traffic" can also mean that someone might' ve picket your address range to target another system. Since the attacker is not interested in flooding his/her own system with the answer, the source could be faked for something unrelated. Check the traffic log also for any " unusual traffic" coming in.
1881
0 Kudos
omkam
New Contributor II
In response to Istvan_Takacs_FTNT

Created on ‎05-17-2023 01:25 AM

Is this related to fortigate issue?

Omkar
350
0 Kudos
netmin
Contributor II

Created on ‎09-30-2014 08:10 AM

They are mainly referring to web crawlers or robots (like click bots). That was usually http or https traffic to google servers. I would investigate 24h high or constant session counts from individual PCs (i.e. using FortiView graphs/stats on 5.2.x) or session history graphs first. FortiView does also allow for more drill down. Unfortunately they don' t state more in details _when_ one gets flagged (invalid/suspicious browser agents, constant query rates or special query types).
1881
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.