Web Gateway Suspect Botnets
We are on version 220.127.116.11. I have some questions regarding seeing botnet suspects within the web gateway. I have read and been advised that a suspect botnet does not apply the policy set to block a certain site until it becomes an active bot. We have never had an active bot, but we have had several suspect bots. What we have been doing is just adding the IP/domain name to the web gateway blacklist. Most of the suspect bots have IPs but unknown domain names. How can we find out what domain name is associated with the IP? That way we have more of an idea as to whether it needs to be blocked. What do you do if you see a suspect botnet? What's the best action?