Running the latest FortiGate OS with features such as block Botnet traffic enabled, I am seeing intermittent low-profile blocks labelled Zeus. This has appeared from 3 sources, but the outgoing web or IP addresses are different.
Dst 220.127.116.11 (www.mhealthcaresolutions.co.uk)
I have scanned each source machine within an inch of their lives with Sophos and various rootkit revealers but have found nothing.
Is this a feature of the new OS and specifically the Block Connections to Botnet Servers feature?
We had exactly the same problem with a pure forwarding server from a big webhoster. After they checked their server and couldn't find anything, we decided to disable the "Block Connections to Botnet Servers" feature.
I'm still waiting for a reply from Fortinet on this ticket, which has been open for 2 weeks now.