cparker4486
Expert
Posts: 231 Liked: 18 times
Joined: Dec 07, 2009 5:09 pm
Full Name: Chris
by cparker4486 » Sep 23, 2013 5:26 pm
Hi,
I believe this is a false negative, but can someone explain why SonicWall is picking up HTTP requests to mc.yandex.ru from the forum as botnet activity? Below is a screenshot from Wireshark and the text of an alert email I receive from SonicWall.
09/23/2013 09:52:18.400 - Alert - Botnet Blocking - Suspected Botnet responder blocked: Responder IP:93.158.134.119 - <my local ip>, 62899, X0, workstation.domain.local (admin) - 93.158.134.119, 62899, X3, mc.yandex.ru -
This email was generated by: SonicOS Enhanced 5.8.1.12-46o (C0EA-E419-C0BC)
-- Chris
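The alert line quoted in the post above is regular enough to parse mechanically, which is what you want before deciding whether a "Botnet Blocking" hit deserves an incident or a ticket to the vendor. The following is an added example, not code from this thread or from SonicWall: it splits a SonicOS botnet alert into its fields, checks that the "Responder IP" in the message matches the destination tuple, and routes destinations whose firewall-resolved hostname falls under an operator-maintained list of already-reviewed analytics domains to human review rather than straight to incident handling. The allowlist contents, the second sample line with IP 203.0.113.7 and hostname unknown-host.example, and the triage labels are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Alert line as quoted in the post above; the poster's "<my local ip>" redaction is kept.
POSTED_ALERT = (
    "09/23/2013 09:52:18.400 - Alert - Botnet Blocking - "
    "Suspected Botnet responder blocked: Responder IP:93.158.134.119 - "
    "<my local ip>, 62899, X0, workstation.domain.local (admin) - "
    "93.158.134.119, 62899, X3, mc.yandex.ru -"
)

# Constructed second line (hypothetical responder 203.0.113.7 / unknown-host.example)
# so the "not on the allowlist" branch is exercised; it is not from the thread.
CONSTRUCTED_ALERT = (
    "09/23/2013 10:01:02.000 - Alert - Botnet Blocking - "
    "Suspected Botnet responder blocked: Responder IP:203.0.113.7 - "
    "<my local ip>, 51001, X0, workstation.domain.local (admin) - "
    "203.0.113.7, 51001, X3, unknown-host.example -"
)

# Assumed operator allowlist: domains whose analytics traffic has already been
# investigated and judged benign. This is an assumption for the example; the
# thread only establishes that yandex.ru is a legitimate site.
KNOWN_ANALYTICS_SUFFIXES = ("yandex.ru",)


@dataclass
class Endpoint:
    ip: str
    port: int
    interface: str      # SonicOS zone interface, e.g. X0 (LAN) or X3 (WAN)
    host: str           # hostname as resolved/recorded by the firewall
    user: Optional[str] = None  # authenticated user in parentheses, if present


@dataclass
class BotnetAlert:
    timestamp: str
    priority: str
    category: str
    message: str
    responder_ip: str
    source: Endpoint
    destination: Endpoint


# "<ip>, <port>, <iface>, <host> (<user>)"; the IP may be a redaction placeholder
# containing spaces, so it is matched as "anything up to the first comma".
_ENDPOINT_RE = re.compile(
    r"^(?P<ip>[^,]+),\s*(?P<port>\d+),\s*(?P<iface>[^,]+),\s*"
    r"(?P<host>[^\s(]+)(?:\s*\((?P<user>[^)]*)\))?$"
)


def parse_endpoint(field: str) -> Endpoint:
    m = _ENDPOINT_RE.match(field.strip())
    if not m:
        raise ValueError(f"unrecognised endpoint field: {field!r}")
    return Endpoint(m["ip"].strip(), int(m["port"]), m["iface"].strip(),
                    m["host"], m["user"])


def parse_alert(line: str) -> BotnetAlert:
    # SonicOS joins the fields with " - " and leaves a dangling " -" at the end.
    parts = [p.strip() for p in line.rstrip().rstrip("-").split(" - ")]
    if len(parts) < 6:
        raise ValueError("expected timestamp, priority, category, message, source, destination")
    timestamp, priority, category, message, src, dst = parts[:6]
    rm = re.search(r"Responder IP:(\S+)", message)
    if not rm:
        raise ValueError("no 'Responder IP:' in message field")
    return BotnetAlert(timestamp, priority, category, message, rm.group(1),
                       parse_endpoint(src), parse_endpoint(dst))


def triage(alert: BotnetAlert) -> str:
    """Decide where a botnet alert goes. Labels are this example's own convention."""
    # The responder named in the message should be the destination of the flow;
    # anything else means the line was not parsed as expected.
    if alert.responder_ip != alert.destination.ip:
        return "inconsistent"
    host = alert.destination.host.lower()
    if any(host == s or host.endswith("." + s) for s in KNOWN_ANALYTICS_SUFFIXES):
        return "review-probable-false-positive"
    return "investigate"


if __name__ == "__main__":
    for line in (POSTED_ALERT, CONSTRUCTED_ALERT):
        a = parse_alert(line)
        print(f"{a.timestamp}  {a.source.host} -> {a.destination.host} "
              f"({a.responder_ip}, {a.destination.interface}): {triage(a)}")
```

The hostname in the destination tuple is whatever the firewall recorded for that flow, so a suffix match against the allowlist is only a reason to route the alert to a human and to the vendor, as the poster does; it is not grounds for auto-unblocking, and the responder IP should still be checked independently before the block is lifted.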
Gostev
Chief Product Officer
Posts: 31814 Liked: 7302 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
by Gostev » Sep 23, 2013 9:35 pm
No idea, but I can confirm that Yandex.ru is legit (top search site in Russia, Google's competitor). I have forwarded this to the web team. Thanks!
cparker4486
Expert
Posts: 231 Liked: 18 times
Joined: Dec 07, 2009 5:09 pm
Full Name: Chris
by cparker4486 » Sep 23, 2013 9:48 pm
Hi, Gostev. That's what I thought. I will send this information to SonicWall as well and see if they can't improve their detection rules somehow.
-- Chris