DNS watch - suspicious connections
Hello,
For the last couple of weeks, I've been getting this email about DNSWatch stopping suspicious domains. Its good that it was caught and blocked, but is there anything else I can do? Should I open a case with support?
_Greetings,
DNSWatch stopped one of your devices from connecting with a suspicious domain. Your network is safe. _
When I login to DNSWatch, this is what I see. Looks like the latest are from Vietnam (.vn).
0
Sign In to comment.
Comments
I do have Vietnam blocked on the WatchGuard, may be that's why?
Hi @tantony
If they're advertising, they're likely just embedded as advertising on other pages. They'll get blocked, so you won't even see them. The system is basically just letting you know it did it's job.
(I have yet to find a legitimate domain that isn't used for spam/malware/etc in the ".top" TLD. Nothing of value was lost.)
-James Carson
WatchGuard Customer Support
Thanks, @james.carson ,
So there's nothing really I can do here right? Its just a notification like you said?
@tantony You can attempt to block those domains, but it's literally playing whack-a-mole. For every one you block, 10 more will pop up.
-If you don't have any legitimate purpose for anything in that top level domain, you can use something like webblocker to deny *.top
-Using the extended protection categories in webblocker (specifically the advertisements and malicious sites,) can also help.
-James Carson
WatchGuard Customer Support
@james.carson , agreed thanks