Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Google "Unusual traffic from your computer network" notification
From: Jon Robinson <jon () DIGITALSCEPTER COM>
Date: Mon, 9 Dec 2013 08:54:22 -0800

We had a customer with this problem. They started with the assumption that
it was malware on the user network. After several days of hunting, they
abandoned that idea and tapped a different segment with Palo Alto (could
probably user your Sonicwall and Snort instead...or wireshark) and found
the offending google requests from a misconfigured reverse-proxy that was
allowing the world to use it. HTH.

Jon Robinson
Digital Scepter
desk (951) 461-7868
mobile (562) 682-0821
jon () digitalscepter com

On Mon, Dec 9, 2013 at 5:37 AM, Michael J. Kenney <m.kenney () usciences edu>wrote:

We’ve been getting these notifications pretty much on a daily basis and
trying to find the problem is like finding a needle in a haystack.

Anyone happen to have a short term solution that could help find the
infected computer(s) such as traffic patterns that are being sent to
Google? Also a long term solution possibly an anti-malware appliance such
as FireEye that could help protect against these types of threats that our
Sonicwall IPS cannot? We have a Snort server, but that is more reactive
than proactive and there are just too many.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]