I was viewing my firewall logs and come across the IP 8.8.8.8. Further check reveals it most likely belong to Google DNS. And such traffic has been going out from some of our LAN segment PCs. From here on, how should I determine whether its legal traffic ? I do not have any SIEM product installed yet. The next best thing is to physically go to each PC affect and check ? On the other hand, would using some version of web browser cause this?thanks for any advice.
Aucun commentaire:
Enregistrer un commentaire