Wolfgang
Authority

log for "dns query for a site known to contain malware" with 9Gb data?

Hello CheckMates,

Found some older logs like this:

Screenshot 2021-03-16 174946.png

9GB data for DNS requests? Is this real?

Wolfgang

0 Kudos
4 Replies
G_W_Albrecht
Legend

Nice. If it were Prevent not Detect, you would know better what it was 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Wolfgang
Authority

Yes @G_W_Albrecht, we're looking for. I'm not happy with this 🙄

Wolfgang

0 Kudos
PhoneBoy
Admin

As I mentioned in a different thread, that could easily be the result of SNI verification the gateway is doing.
That said, 9GB is a bit excessive and I recommend a TAC case.

0 Kudos
_Val_
Admin

If it is, looks like DNS tunneling

0 Kudos