I spent some times on fortianalyzer NOC view. Then i noticed some
internal users have a lot of blocked udp outgoing connections. So far
nothing looks suspicious on workstations. Whatsoever, i'd really like to
understand what is going on.So if you hav...
Hi all,We often see some of our users reporting the fake tech support
scam.Exemple of a compromised site here : page2rss.com While the scam is
hosted on cloud, and url may change, it looks like there is always the
same url pattern :"randomfirstpart"....
Hi guys, I just updated my dns servers. Now, as Dan Kaminsky' s dns
checker shows, the situation is better. But my FG300A, running 3.00
build0483, seems to interfere with the DNS' s port selection policy.
(Try it yourself at www.doxpara.com). I don' ...
Hi all, Starting from a correctly working cluster of FG300A V3.00 MR4
Buid483, I' m now trying to add a second internet link. What i did with
my first internet access was to declare it as a VLAN subinterface of
port1 (let' s call it internet1). It wo...
Hi Shawn,TY, this is very close to what i can see here in our logs.While
we dont have any TCP/7680 packets, and WUDO setting is enabled but on
local netwok only.
Yes Yuri, ty. But know that we have our hands on that laptop, no udp
connection occurs, (at least not for now).Shawn gave a good explanation.
I believe he is right. I'm just trying to reproduce what i saw.
Hi ShawnDo you have any informations about ports involved ? MS site says
about windows update delivery optimisation:If you set up Delivery
Optimization to create peer groups that include devices across NATs (or
any form of internal subnet that uses g...
Hello all,Regarding users internet usage, we set rules to only allow
known regular traffic, so it's mostly http and https. That's why some
random udp connection like that are put in evidence.We also checked
windows update settings. P2P updates are di...
I'm more and more concerned it could be something malicious :- thousands
UDP connections to ISP subscribers IP ranges- it has started as soon as
user locked is windows session, and ended when he came back- some
botnets seems to show that kind of beha...