Hi, sorry if this is a stupid question, maybe we need a Reddit-style "ELI5" forum ;o)
I have been turning a blind eye to a background hum of China Chopper alerts for some time, so I thought I would try to understand what is going on. The thing is the threat reports are showing Inbound China Chopper C&C traffic to some of our servers. It's presumably being dropped as per our profiles, but I am pretty sure we are not hosting C&C servers. I could believe we somehow got infected but I would expect that would result in Outbound C&C traffic, so why would the C&C traffic be inbound to my servers from seemingly random internet sources?
My experience with this is similar: I know we don't have any infections, but we get frequent China Chopper packets coming in. I have set the threat ID to block because when I look at the geolocation of the source IP, it's always from questionable locations. I have been blocking this traffic for two months without any issues.
I would say as long as your PAN is blocking/dropping the traffic inbound, you should be OK.
You can always open a TAC case to verify.
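The thread turns on two things the threat log can confirm: whether the China Chopper hits are all inbound to your servers and actually dropped by the profile, and whether any hit has one of your own hosts as the source, which is the case that would warrant looking at that host rather than at the noise. The following script is an added example, not part of the original thread and not Palo Alto Networks code. It reads a constructed, simplified CSV that is not the real PAN-OS export format (only the fields needed here: threat name, action, source, destination), treats 192.0.2.0/24 as the server range, and counts the three categories so the "inbound and dropped" noise can be separated from rows worth reviewing.

```python
import csv
import ipaddress
from collections import Counter
from io import StringIO

# Assumed server address space (RFC 5737 documentation range, constructed for the example).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Profile actions that mean the packet did not reach the server (assumed PAN-OS action names).
DROPPED_ACTIONS = {"drop", "reset-client", "reset-server", "reset-both", "block-ip"}

# Constructed sample rows in a simplified CSV layout; NOT a real PAN-OS threat-log export.
SAMPLE_LOG = """\
time,threat,action,src,dst,dport
2024-01-01T10:00:01,China Chopper Webshell Command and Control Traffic,drop,203.0.113.7,192.0.2.10,443
2024-01-01T10:00:05,China Chopper Webshell Command and Control Traffic,drop,198.51.100.23,192.0.2.10,80
2024-01-01T10:01:10,China Chopper Webshell Command and Control Traffic,alert,203.0.113.9,192.0.2.11,80
2024-01-01T10:02:00,Some Other Signature,drop,203.0.113.7,192.0.2.10,443
2024-01-01T10:03:00,China Chopper Webshell Command and Control Traffic,alert,192.0.2.10,203.0.113.7,443
"""


def is_internal(ip, nets=INTERNAL_NETS):
    """True if the address falls inside one of our server ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def triage(log_text, threat_keyword="china chopper", nets=INTERNAL_NETS):
    """Summarise threat-log rows whose signature name contains threat_keyword.

    inbound_dropped : external -> internal and the profile dropped it (expected noise)
    inbound_allowed : external -> internal but not dropped (tighten the profile)
    from_internal   : one of our hosts is the source (review that host, not the alert)
    targets         : which internal hosts are being hit, and how often
    review          : the rows in the two categories that deserve a look
    """
    summary = {
        "inbound_dropped": 0,
        "inbound_allowed": 0,
        "from_internal": 0,
        "targets": Counter(),
        "review": [],
    }
    for row in csv.DictReader(StringIO(log_text)):
        if threat_keyword.lower() not in row["threat"].lower():
            continue
        src_int = is_internal(row["src"], nets)
        dst_int = is_internal(row["dst"], nets)
        if src_int:
            # Our server is the source of signature-matching traffic: this is the
            # case that looks like a compromised host rather than internet noise.
            summary["from_internal"] += 1
            summary["review"].append(row)
        elif dst_int:
            summary["targets"][row["dst"]] += 1
            if row["action"].lower() in DROPPED_ACTIONS:
                summary["inbound_dropped"] += 1
            else:
                summary["inbound_allowed"] += 1
                summary["review"].append(row)
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("inbound_dropped", "inbound_allowed", "from_internal"):
        print(f"{key:16s} {result[key]}")
    for host, hits in result["targets"].most_common():
        print(f"target {host}: {hits} inbound hit(s)")
    for row in result["review"]:
        print("REVIEW:", row["time"], row["src"], "->", row["dst"], row["action"])
```

Run against a real export, the interesting output is the `review` list: an inbound row whose action is only `alert` means the profile is not blocking what the poster above is blocking, and a `from_internal` row is the outbound case the question expected to see, which should be checked on the host itself.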