I spent some time on FortiAnalyzer NOC view. Then I noticed some
internal users have a lot of blocked UDP outgoing connections. So far
nothing looks suspicious on workstations. Whatsoever, I'd really like to
understand what is going on. So if you hav...
Hi all, We often see some of our users reporting the fake tech support
scam. Example of a compromised site here: page2rss.com. While the scam is
hosted on cloud, and URL may change, it looks like there is always the
same URL pattern: "randomfirstpart"....
Hi Shawn, TY, this is very close to what I can see here in our logs. While
we don't have any TCP/7680 packets, and WUDO setting is enabled but on
local network only.
Yes Yuri, TY. But now that we have our hands on that laptop, no UDP
connection occurs (at least not for now). Shawn gave a good explanation.
I believe he is right. I'm just trying to reproduce what I saw.
Hi Shawn, Do you have any information about ports involved? MS site says
about Windows Update Delivery Optimisation: If you set up Delivery
Optimization to create peer groups that include devices across NATs (or
any form of internal subnet that uses g...
Hello all, Regarding users' internet usage, we set rules to only allow
known regular traffic, so it's mostly HTTP and HTTPS. That's why some
random UDP connections like that are put in evidence. We also checked
Windows Update settings. P2P updates are di...
I'm more and more concerned it could be something malicious:
- thousands of UDP connections to ISP subscribers' IP ranges
- it has started as soon as user locked his Windows session, and ended when he came back
- some botnets seem to show that kind of beha...