Hi,
I'm seeing a few of the following messages in my security logs:
Message meets Alert condition
File Block Detected: Protocol: Source IP: 192.168.0.118 Destination IP: 204.79.197.200 Email Address From: Email Address To:
date=2016-10-21 time=10:37:30 devname=FG100D3G14811908 devid=FG100D3G14811908 logid=0202009248 type=utm subtype=virus eventtype=botnet level=warning vd="root" msg="Botnet C&C Communication." action=blocked sessionid=590954314 srcip=192.168.0.118 dstip=204.79.197.200 srcport=50318 dstport=80 srcintf="lan" dstintf="wan2" proto=6 direction=outgoing quarskip=No-skip virus="HW20161020" dtype="ip-reputation" ref="http://www.fortinet.com/be?bid=7630162" virusid=7630162 profile="default" user="" analyticssubmit=false crscore=50 crlevel=critical
Is there any additional information on this? The IP seems to be Microsoft edge services for office365 and bing.
Seems like a false positive but wanted to see if anybody else has seen this one and has some insight.
I look forward to your reply.
Brandon
See this post. It has to do with the DDoS on Dyn.
https://forum.fortinet.com/FindPost/142420
Perfect... thank you!