I recently redeployed a firewall appliance, and I noticed that it is logging many intrusion protection events. They happen only when I am connected to the LowEndTalk website and no other times. It took time to figure out that the events are associated with LowEndTalk. I am certain it is LowEndTalk. I can make the events start by opening web pages in LowEndTalk, and make them stop the instant I quit the browser. No other website does it. Whether the events are real security issues or just an overprotective firewall is a worth discussing, and I would like to know your opinions. The firewall complains about two things:
Many of these messages:
"Suspicious .pw dns query [...] A Network Trojan was Detected"
and a few of these messages:
"BLACKLIST DNS request for known malware domain chickenkiller.com"
I haven't figured out how to get more detailed information from the firewall yet.
Has anyone else noticed them? Can someone suggest an explanation? Should I care? (Should you care?)
http://ift.tt/1dvHQ0Z
0 comments:
Post a Comment