Hi, sorry if this is a stupid question, maybe we need a Reddit-style "ELI5" forum ;o)
I have been turning a blind eye to a background hum of China Chopper alerts for some time, so I thought I would try to understand what is going on. The thing is, the threat reports are showing Inbound China Chopper C&C traffic to some of our servers. It's presumably being dropped as per our profiles, but I am pretty sure we are not hosting C&C servers. I could believe we somehow got infected, but I would expect that would result in Outbound C&C traffic, so why would the C&C traffic be inbound to my servers from seemingly random internet sources?
My experience with this is similar. I know we don't have any infections, but we get frequent China Chopper packets coming in. I have set the threatID to block because when I look at the geolocation of the source IP, it's always from questionable locations. I have been blocking this traffic for two months without any issues.