Video Screencast Help
New Company Name and Logo Announced. Learn More.

BOTNETS Not Being Blocked.

Created: 12 Aug 2010 • Updated: 01 Oct 2010 | 3 comments
kristopherjturner's picture
This issue has been solved. See solution.

On our Gateway I am monitoring about 12 different attacks from an IP from Russia using FTP.  The Gateway says it is monitoring the Botnet but not blocking it.  I have verified that this IP is not a good one.  How come out Gateway isn't blocking this?

Comments 3 CommentsJump to latest comment

KevK76's picture

Came across this KB article which seems to cover this:



kristopherjturner's picture

Thanks.  Will check it out.  Found out that even though they are flagged as botnets they sometimes are not and that is why it just monitors for a while.

I did block the IP to russia.  Figured that wasn't a good ip anyway.  :)

Revenge's picture

Very help-full documents. but if swg is inline monitor mode and boots tab is blocking,
so is to be possible all active bots is block. why i am asking this bcoz i got boots in SWG report  this are still active and monitoring. and i am using inline monitoring mode.