Security Center question MX64 with Adv Sec.- not sure where to post.

Here to help

My firewall keeps on getting triggered by Australia Perth Akamai Technologies Inc on a brand new machine that I've just set up for a client. I installed Norton on that machine as per client request.

Does anyone know if this is a real attack? 

 

Here's the threat:

 

INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data

 

Thank you.

P

 

5 REPLIES
Head in the Cloud

Re: Security Center question MX64 with Adv Sec.- not sure where to post.

If it is a real attack, at least you know the MX is doing its job in blocking and letting you know!

 

 

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Kind of a big deal

Re: Security Center question MX64 with Adv Sec.- not sure where to post.

Let's take a look at what this message is: https://www.snort.org/rule_docs/1-38619

 

"This event is generated when a Content-Type header reports plaintext, but there is Portable Executable data detected."

 

It's rather unusual for a file to pretend to be plaintext but be executable at the same time. There's a relatively high probability that this was a real attack, but to be sure, one would have to investigate further.

 

You can get further information at https://www.virustotal.com/gui/file/fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a...
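
The mismatch described in the rule documentation quoted above, as an added example that is not part of the original thread and not the Snort rule's own signature: it flags an HTTP response declared `text/plain` whose body begins with a Portable Executable header. The function names and sample responses are constructed for illustration, and the PE check (an `MZ` magic plus a `PE\0\0` signature at the offset stored in `e_lfanew`) is an assumed approximation of what the rule matches.

```python
import struct

def looks_like_pe(body: bytes) -> bool:
    """True if body starts with a DOS 'MZ' header whose e_lfanew points at the PE signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    # e_lfanew: little-endian uint32 at offset 0x3C, file offset of the PE signature
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body

def mismatched_pe(raw: bytes) -> bool:
    """Flag responses declared text/plain whose body is a PE file."""
    headers, body = parse_response(raw)
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    return media_type == "text/plain" and looks_like_pe(body)

def build_stub_pe() -> bytes:
    """Constructed stub: DOS header plus PE signature only, not a runnable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"\x00" * 0x40 + b"PE\x00\x00"

def build_response(ctype: str, body: bytes) -> bytes:
    return (f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body

# Constructed sample responses (not captured traffic)
SAMPLES = {
    "pe_as_text": build_response("text/plain; charset=utf-8", build_stub_pe()),
    "pe_declared": build_response("application/octet-stream", build_stub_pe()),
    "real_text": build_response("text/plain", b"MZ is also how some plain text starts. " * 4),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {'ALERT' if mismatched_pe(raw) else 'ok'}")
```

The `real_text` sample shows why the check follows `e_lfanew` instead of matching `MZ` alone: plain text that happens to start with those two letters does not alert.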

Here to help

Re: Security Center question MX64 with Adv Sec.- not sure where to post.

Yes, MX is doing great! Just not about the attack given it comes from static IP of Security/Cloud company Akamai
Here to help

Re: Security Center question MX64 with Adv Sec.- not sure where to post.

Totally agree!

Will have to have a dig and look for the files listed on that site. I was wondering if anyone else came across this one..
Getting noticed

Re: Security Center question MX64 with Adv Sec.- not sure where to post.

What is great about the community...you can always learn!  Thank you for the post, great knowing how to get more details on the alert from snort.org
