Comments
-
I will see what I can do to get a packet capture.
-
We don't use, and don't have installed anywhere on the network, the SonicWall Antispam desktop client or Zone Alarm from Checkpoint. Perhaps someone is spoofing SonicWall on the internet? Have you looked into the subdomains? Something is not right. For instance, take a look at 2.1a548b1cb6555409.griddnsd.global.sonicwall.com. Why was…
-
Is there any way for SonicWall to take them down and do an investigation into this rogue behavior? I assume SonicWall could take them down, as they own the subdomain. I reported it to SonicWall but never heard back. It does not help that I am not a customer, but this is very worrisome behavior. There is no explanation for…
-
I have checked. We do not have any vendors or a solution that is querying these domains. It was found in recursive DNS. I think we have a rogue connection to our network every so often exfiltrating data. It seems to be the only explanation.
-
I confirmed again that we don't have SonicWall in our network. I have seen reports on Twitter and elsewhere of similar hostnames in networks and nobody understands why.
-
We do not have SonicWall in our network at all. The Cisco ASA Firewall does not have the hostnames in the logs. The domains are not configured in the Cisco ASA Firewall. If you use passive DNS, then you will see these instances. Go to Spyse for an example -…
-
I am seeing this on internal IPs (non-routable). It was seen on a Cisco ASA Firewall. These IPs are not seen externally, so why would an email security device need continual access to it for an IP reputation check? It looks malicious.
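The check the commenters above describe, finding lookups under griddnsd.global.sonicwall.com in recursive DNS query logs and tying them back to the internal, non-routable client IPs that made them, as an added Python example. This is not code from any commenter, from SonicWall or from the page; the log lines are constructed in BIND query-log style (the second hostname label is made up for the sample, only the 2.1a548b1cb6555409 one appears in the thread), and the log format, regex and RFC 1918 test are assumptions about what a practitioner would have on a BIND resolver.

```python
"""Scan recursive-DNS query logs for lookups under a domain suffix and
report which RFC 1918 (non-routable) clients made them.

Added example for this thread, not code from SonicWall or any commenter.
The sample below is constructed in BIND 9 query-log style, not captured.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: one internal client querying the thread's hostname,
# a benign query from the same client, a second internal client using a
# differently-cased name, and one non-RFC1918 client with a made-up label.
SAMPLE_LOG = """\
12-Mar-2021 10:01:02.123 queries: info: client @0x7f1 10.1.2.3#51234 (2.1a548b1cb6555409.griddnsd.global.sonicwall.com): query: 2.1a548b1cb6555409.griddnsd.global.sonicwall.com IN A + (10.1.2.1)
12-Mar-2021 10:01:03.456 queries: info: client @0x7f2 10.1.2.3#51235 (www.example.com): query: www.example.com IN A + (10.1.2.1)
12-Mar-2021 10:05:17.789 queries: info: client @0x7f3 192.168.5.20#40011 (2.1a548b1cb6555409.GRIDDNSD.global.sonicwall.com): query: 2.1a548b1cb6555409.GRIDDNSD.global.sonicwall.com IN A + (10.1.2.1)
12-Mar-2021 10:07:00.000 queries: info: client @0x7f4 203.0.113.9#55555 (3.00ff00ff00ff00ff.griddnsd.global.sonicwall.com): query: 3.00ff00ff00ff00ff.griddnsd.global.sonicwall.com IN TXT + (10.1.2.1)
"""

# BIND 9 query-log shape (assumed): "client [@0x...] SRC#PORT (NAME): query: NAME IN TYPE ..."
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# RFC 1918 ranges checked explicitly rather than via ipaddress.is_private,
# which also treats documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True if the address falls in one of the RFC 1918 private ranges."""
    return any(ip in net for net in RFC1918)


def find_queries(log_text, suffix):
    """Return one dict per query whose name equals or ends with `suffix`.

    Matching is case-insensitive and ignores a trailing dot, since DNS
    names are case-insensitive and resolvers log them inconsistently.
    """
    suffix = suffix.lower().rstrip(".")
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").lower().rstrip(".")
        if qname != suffix and not qname.endswith("." + suffix):
            continue
        src = ipaddress.ip_address(m.group("src"))
        hits.append({
            "src": str(src),
            "qname": qname,
            "qtype": m.group("qtype"),
            "internal": is_rfc1918(src),
        })
    return hits


def clients_by_scope(hits):
    """Group queried names by source IP, split into internal and external."""
    internal, external = defaultdict(set), defaultdict(set)
    for h in hits:
        (internal if h["internal"] else external)[h["src"]].add(h["qname"])
    return (
        {ip: sorted(names) for ip, names in internal.items()},
        {ip: sorted(names) for ip, names in external.items()},
    )


if __name__ == "__main__":
    found = find_queries(SAMPLE_LOG, "griddnsd.global.sonicwall.com")
    internal, external = clients_by_scope(found)
    print("internal clients:", internal)
    print("external clients:", external)
```

On a real resolver, feed the actual query log in place of SAMPLE_LOG; every internal IP that comes back is a host worth pulling a packet capture from, which is the next step the first commenter says they will take.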