Content filtering weird issue

JonP
Getting noticed

Hi folks,

 

We have content filtering set up on our MX, and it has suddenly started reporting that our Domain Controller is trying to reach pornographic sites at 3:33am most mornings. Our PDC is also our DNS server for the network.

We can't find any obvious cause for this. We aren't a 24-hour operation, so there is no one on the VPN or in the building at that time of the morning. The domain controller itself appears to be clean, and there's nothing in the DNS logs to suggest it's caching those nameservers for any reason.

Is it possible this is a false positive, or that it's coming from another machine on the network?

alemabrahao
Kind of a big deal

It doesn't seem like a false positive to me. Any chance your server is infected?

I would scan the server to make sure everything is ok.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
JonP
Getting noticed

I've scanned the server with Spybot S&D, and it has an EDR solution installed as well. Spybot found some tracking cookies and a registry entry that prevented the "Windows is checking for a solution" popups, which is slightly suspicious.
