" X.X.X.20 is listed in the XBL, because it appears in: CBL"
" IP Address X.X.X.20 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2014-06-16 00:00 GMT (+/- 30 minutes), approximately 2 hours ago. It has been relisted following a previous removal at 2014-06-13 14:18 GMT (2 days, 12 hours, 2 minutes ago) This IP is infected (or NATting for a computer that is infected) with the Conficker A or Conficker B botnet."For some reason the antivirus/IPS are not detecting the conficker virus. What else to do please?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
For some reason the antivirus/IPS are not detecting the conficker virus.This really doesn' t tell us much in the way of what firmware you are running on the 100D nor what actual signatures are selected. Not in front of a fgt device to confirm, but I recall under 5.0.x firmware you need to enable the block connections to botnet servers under the various UTM profiles. Under 4.0. MR3 (and 5.0.x) botnet detection is enabled under application control -- create a new app sensor that blocks botnet. Use the search link (at the top of this page) -- we recently had a similar discussion on conficker, including basically just blocking the ports used by it.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
ORIGINAL: ede_pfau ... (after I saw gigabytes crossing that DNS-only policy!!).If your DNS policy source is only your DNS servers, then this may not be so large an issue, UNLESS your DNS servers were compromised... If you don' t run your own internal DNS, then this is something to keep an eye on for sure.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Do i have to block all these botnet from application control?Pretty much, though your screenshot shows you setting the action to monitor, which you do not want. Set it to block.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.