C&C Traffic Direction re China Chopper

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

C&C Traffic Direction re China Chopper

L4 Transporter

Hi,  sorry if this is a stupid question, maybe we need a Reddit-style "ELI5" forum ;o)

 

I have been turning a blind eye to a background hum of China Chopper alerts for some time, so I thought I would try to understand what is going on.  The thing is the threat reports are showing Inbound China Chopper C&C traffic to some of our servers.  It's presumably being dropped as per our profiles, but I am pretty sure we are not hosting C&C servers.  I could believe we somehow got infected but I would expect that would result in Outbound C&C traffic, so why would the C&C traffic be inbound to my servers from seemingly random internet sources?

 

Thanks.

2 REPLIES 2

L1 Bithead

My experience with this is similar, I know we don't have any infections but we get frequent China Chopper packets coming in. I have set the threatID to block because when I look at the Geo location of the source IP, it's always from questionable locations.  I have been blocking this traffic for two months without any issues.

Cyber Elite
Cyber Elite

Hello,

I would say as long as your PAN is blocking/dropping the traffic inbound, you should be OK.

 

You can always open a TAC case to verify.

 

Regards,

  • 5479 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!