Educause Security Discussion mailing list archives
Re: Google "Unusual traffic from your computer network" notification
From: Jon Robinson <jon () DIGITALSCEPTER COM>
Date: Mon, 9 Dec 2013 08:54:22 -0800
We had a customer with this problem. They started with the assumption that it was malware on the user network. After several days of hunting, they abandoned that idea and tapped a different segment with Palo Alto (could probably user your Sonicwall and Snort instead...or wireshark) and found the offending google requests from a misconfigured reverse-proxy that was allowing the world to use it. HTH. Jon Robinson Digital Scepter desk (951) 461-7868 mobile (562) 682-0821 jon () digitalscepter com On Mon, Dec 9, 2013 at 5:37 AM, Michael J. Kenney <m.kenney () usciences edu>wrote:
We’ve been getting these notifications pretty much on a daily basis and trying to find the problem is like finding a needle in a haystack. https://support.google.com/websearch/answer/86640?hl=en Anyone happen to have a short term solution that could help find the infected computer(s) such as traffic patterns that are being sent to Google? Also a long term solution possibly an anti-malware appliance such as FireEye that could help protect against these types of threats that our Sonicwall IPS cannot? We have a Snort server, but that is more reactive than proactive and there are just too many. Thanks, Michael
Current thread:
- Google "Unusual traffic from your computer network" notification Michael J. Kenney (Dec 09)
- Re: Google "Unusual traffic from your computer network" notification Randall C Grimshaw (Dec 09)
- Re: Google "Unusual traffic from your computer network" notification Jon Robinson (Dec 09)