Video Screencast Help

BOTNETS Not Being Blocked.

Created: 12 Aug 2010 • Updated: 01 Oct 2010 | 3 comments
kristopherjturner's picture
This issue has been solved. See solution.

On our Gateway I am monitoring about 12 different attacks from an IP from Russia using FTP.  The Gateway says it is monitoring the Botnet but not blocking it.  I have verified that this IP is not a good one.  How come out Gateway isn't blocking this?

Comments 3 CommentsJump to latest comment

KevK76's picture

Came across this KB article which seems to cover this:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/...

Cheers,

Kevin

SOLUTION
kristopherjturner's picture

Thanks.  Will check it out.  Found out that even though they are flagged as botnets they sometimes are not and that is why it just monitors for a while.

I did block the IP to russia.  Figured that wasn't a good ip anyway.  :)

Revenge's picture

Very help-full documents. but if swg is inline monitor mode and boots tab is blocking,
so is to be possible all active bots is block. why i am asking this bcoz i got boots in SWG report  this are still active and monitoring. and i am using inline monitoring mode.