Educause Security Discussion
mailing list archives
Re: Google "Unusual traffic from your computer network" notification
From: Jon Robinson <jon () DIGITALSCEPTER COM>
Date: Mon, 9 Dec 2013 08:54:22 -0800
We had a customer with this problem. They started with the assumption that
it was malware on the user network. After several days of hunting, they
abandoned that idea and tapped a different segment with Palo Alto (could
probably user your Sonicwall and Snort instead...or wireshark) and found
the offending google requests from a misconfigured reverse-proxy that was
allowing the world to use it. HTH.
desk (951) 461-7868
mobile (562) 682-0821
jon () digitalscepter com
On Mon, Dec 9, 2013 at 5:37 AM, Michael J. Kenney <m.kenney () usciences edu>wrote:
We’ve been getting these notifications pretty much on a daily basis and
trying to find the problem is like finding a needle in a haystack.
Anyone happen to have a short term solution that could help find the
infected computer(s) such as traffic patterns that are being sent to
Google? Also a long term solution possibly an anti-malware appliance such
as FireEye that could help protect against these types of threats that our
Sonicwall IPS cannot? We have a Snort server, but that is more reactive
than proactive and there are just too many.