Apr 05 2022 05:23 AM
Hello,
We have installed the ATP sensor on our on-premises DCs.
However, after installation we have traffic to external IPs over port 3389 (RDP), which is being blocked at the Zscaler level. Just wanted to know if there is a specific application or task making the connection to external IPs, and whether this is expected behavior. If yes, can you please explain a bit on this process?
Apr 05 2022 05:39 AM
Apr 05 2022 06:56 AM
Apr 05 2022 07:10 AM
Nov 21 2023 01:10 PM
Nov 21 2023 10:38 PM
@piovisqui Which type of connection did the DC start?
Was it bidirectional? If yes, then we will monitor the reply, as it's a connection into the DC.
Nov 23 2023 11:35 AM
Nov 24 2023 12:10 PM
@piovisqui On which port did you get the traffic from outside? Was it a standard DNS port?
Jan 16 2024 02:33 PM
Jan 17 2024 01:15 AM
@piovisqui So the DC initiated a DNS query to an external address on port UDP 53?
Do you happen to know what the query was (if you managed to capture the data)?
Do you know for sure that the request came from the sensor process?
In general, this can happen only if the DC previously got some sort of connection from this address.