yodaa
asked on
Security Gateway SonicWall
I got this log
Security Services Alert Gateway Anti-Virus Alert: Mintluks.A_2 (Trojan) blocked. 192.168.0.153, 61584, X0 23.40.219.118, 80, X2
I have scanned the computer with Malwarebytes and it's clear.
What is happening here?
ASKER
But SonicWall blocked it?
Also, is the IP 23.40.219.11 trying to infect 192.168.0.153?
Yes, the SonicWALL blocked the threat.
I can't say for certain that 23.40.219.11 is actually trying to infect 193.168.0.153, but the log does seem to support that that's what's happening. You will need to investigate further to verify.
ASKER
To investigate, what would you propose?
ASKER
Also, could you please explain this: "It could also be a false positive"?
ASKER
This can be difficult: "This is a somewhat involved process and will require a certain comfort level with network/packet analysis." I have no experience with it.
Do you know any tutorial on how to diagnose packets in Wireshark?
Thank you.
The site at 23.40.219.11 is likely serving the malware. Reverse DNS shows that the IP belongs to Akamai Technologies, a very large CDN. It's entirely possible that someone is using the CDN to serve their malware.
It could also be a false positive.
You could run a packet capture on the 192.168.0.153 machine to gain more insight. A packet capture can also be run on the SonicWALL appliance.
I hope this helps.
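As an added example (not code from this thread or from SonicWall), a small Python helper that parses the alert line quoted in the question, works out which side opened the connection, and builds the filter for the follow-up packet capture suggested above. It assumes SonicWall's usual "source tuple, then destination tuple" field order; `parse_gav_alert`, `direction`, `capture_filter` and `triage` are names chosen here.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample: the alert line quoted in the question above.
SAMPLE_LOG = ("Security Services Alert Gateway Anti-Virus Alert: Mintluks.A_2 (Trojan) "
              "blocked. 192.168.0.153, 61584, X0 23.40.219.118, 80, X2")

# Field order is assumed to be SonicWall's usual "src, srcport, srcif dst, dstport, dstif";
# confirm against the log reference for your firmware before relying on it.
GAV_RE = re.compile(
    r"Gateway Anti-Virus Alert:\s+(?P<sig>\S+)\s+\((?P<kind>[^)]+)\)\s+(?P<action>\w+)\.\s+"
    r"(?P<src>[\d.]+),\s*(?P<sport>\d+),\s*(?P<sif>\w+)\s+"
    r"(?P<dst>[\d.]+),\s*(?P<dport>\d+),\s*(?P<dif>\w+)"
)

def parse_gav_alert(line: str) -> Optional[dict]:
    """Split one GAV alert into its fields; None if the line is not a GAV alert."""
    m = GAV_RE.search(line)
    if not m:
        return None
    a = m.groupdict()
    a["sport"], a["dport"] = int(a["sport"]), int(a["dport"])
    return a

def direction(a: dict) -> str:
    """The first tuple is the initiator: an RFC 1918 source talking to a public host on
    port 80 is an outbound fetch, so the blocked content arrived in the server's reply."""
    src_priv = ipaddress.ip_address(a["src"]).is_private
    dst_priv = ipaddress.ip_address(a["dst"]).is_private
    if src_priv and not dst_priv:
        return "outbound"
    if dst_priv and not src_priv:
        return "inbound"
    return "internal"

def capture_filter(a: dict) -> str:
    """BPF filter for a follow-up tcpdump/Wireshark capture of the same conversation."""
    return f"host {a['dst']} and tcp port {a['dport']}"

def triage(line: str) -> str:
    a = parse_gav_alert(line)
    if a is None:
        return "not a GAV alert"
    return (f"{a['src']}:{a['sport']} ({a['sif']}) -> {a['dst']}:{a['dport']} ({a['dif']}) "
            f"{direction(a)}; {a['sig']} {a['action']}; capture with: {capture_filter(a)}")

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The "outbound" verdict is the practical answer to the question in the thread: the inside host requested the page and the gateway blocked what came back, which is what you would look for in the capture.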