DNS watch - suspicious connections

Hello,

For the last couple of weeks, I've been getting this email about DNSWatch stopping suspicious domains. It's good that it was caught and blocked, but is there anything else I can do? Should I open a case with support?

_Greetings,
DNSWatch stopped one of your devices from connecting with a suspicious domain. Your network is safe._

When I log in to DNSWatch, this is what I see. Looks like the latest are from Vietnam (.vn).

Comments

  • I do have Vietnam blocked on the WatchGuard, maybe that's why?

  • james.carson Moderator, WatchGuard Representative

    Hi @tantony
    If they're advertising, they're likely just embedded as advertising on other pages. They'll get blocked, so you won't even see them. The system is basically just letting you know it did its job.

    (I have yet to find a legitimate domain that isn't used for spam/malware/etc in the ".top" TLD. Nothing of value was lost.)

    -James Carson
    WatchGuard Customer Support

  • Thanks, @james.carson,

    So there's nothing really I can do here, right? It's just a notification like you said?

  • james.carson Moderator, WatchGuard Representative

    @tantony You can attempt to block those domains, but it's literally playing whack-a-mole. For every one you block, 10 more will pop up.

    - If you don't have any legitimate purpose for anything in that top level domain, you can use something like WebBlocker to deny *.top.
    - Using the extended protection categories in WebBlocker (specifically the advertisements and malicious sites) can also help.

    -James Carson
    WatchGuard Customer Support

  • @james.carson, agreed, thanks
