During the night,ALL my 9.4 upgraded UTM's, showed theese (from china): Advanced Threat Protection A threat has been detected in your network The source IP/host listed below was found to communicate with a potentially malicious site outside your company. Details about the alert: Threat name....: C2/Generic-A Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx Time...........: 2016-03-20 05:37:01 Traffic blocked: yes Source IP address or host: 180.97.161.225 -- System Uptime : 25 days 19 hours 13 minutes System Load : 2.07 System Version : Sophos UTM 9.400-9 and this: Advanced Threat Protection A threat has been detected in your network The source IP/host listed below was found to communicate with a potentially malicious site outside your company. Details about the alert: Threat name....: C2/Generic-A Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx Time...........: 2016-03-20 04:01:43 Traffic blocked: yes Source IP address or host: 218.60.112.227 -- System Uptime : 25 days 17 hours 37 minutes System Load : 2.10 System Version : Sophos UTM 9.400-9 But ATP is normally working from inside to outside, how could this be happening?
↧
