Re: Google "Unusual traffic from your computer network" notification

[Jon Robinson <jon () DIGITALSCEPTER COM>]

We had a customer with this problem. They started with the assumption that
it was malware on the user network. After several days of hunting, they
abandoned that idea and tapped a different segment with Palo Alto (could
probably user your Sonicwall and Snort instead...or wireshark) and found
the offending google requests from a misconfigured reverse-proxy that was
allowing the world to use it. HTH.


Jon Robinson
Digital Scepter
desk (951) 461-7868
mobile (562) 682-0821
jon () digitalscepter com



On Mon, Dec 9, 2013 at 5:37 AM, Michael J. Kenney <m.kenney () usciences edu>wrote:

> We’ve been getting these notifications pretty much on a daily basis and
> trying to find the problem is like finding a needle in a haystack.
> https://support.google.com/websearch/answer/86640?hl=en
>
>
>
> Anyone happen to have a short term solution that could help find the
> infected computer(s) such as traffic patterns that are being sent to
> Google? Also a long term solution possibly an anti-malware appliance such
> as FireEye that could help protect against these types of threats that our
> Sonicwall IPS cannot? We have a Snort server, but that is more reactive
> than proactive and there are just too many.
>
>
>
>
>
> Thanks,
>
>
>
> Michael