Virtual Secure Web Gateway

 View Only

  • 1.  BOTNETS Not Being Blocked.

    Posted Aug 12, 2010 11:02 AM
    On our Gateway I am monitoring about 12 different attacks from an IP from Russia using FTP.  The Gateway says it is monitoring the Botnet but not blocking it.  I have verified that this IP is not a good one.  How come out Gateway isn't blocking this?






  • 2.  RE: BOTNETS Not Being Blocked.
    Best Answer

    Posted Aug 17, 2010 12:58 PM
    Came across this KB article which seems to cover this:

    http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2010063014490854


    Cheers,

    Kevin


  • 3.  RE: BOTNETS Not Being Blocked.

    Posted Aug 17, 2010 01:57 PM
    Thanks.  Will check it out.  Found out that even though they are flagged as botnets they sometimes are not and that is why it just monitors for a while.

    I did block the IP to russia.  Figured that wasn't a good ip anyway.  :)


  • 4.  RE: BOTNETS Not Being Blocked.

    Posted Aug 31, 2010 07:27 AM
    Very help-full documents. but if swg is inline monitor mode and boots tab is blocking,
    so is to be possible all active bots is block. why i am asking this bcoz i got boots in SWG report  this are still active and monitoring. and i am using inline monitoring mode.