Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2836
Views
0
Helpful
5
Replies

backplane1.janrainbackplane.com

mrrlg
Level 1
Level 1

‎11-13-2012 09:57 AM - edited ‎03-11-2019 05:22 PM

    We have been running the Cisco Botnet fliters for some time now and we are seeing thousands of dropped packets all pointing to backplane1.janrainbackplane.com, port 443 on a wide variety of ip addresses. I can find no information within the other anti-malware vendors that they consider this to be malware. Is this behavior unique to my environment or are you seeing this type of behavior as well?              

Labels:
0 Helpful
5 Replies 5

Robert Zeff
Level 1
Level 1

‎11-28-2012 09:36 AM

90% of the blocked IPs on my Botnet filter are from backplane1.janrainbackplane.com, port 443

None of the hosts, perhaps 50, have complained about problems.

I have no idea why. 

-Robert

0 Helpful

mrrlg
Level 1
Level 1
In response to Robert Zeff

‎11-28-2012 11:57 AM

I currently have an open ticket with Cisco on this matter. I am seeing this "domain" associated with multiple ips. Their current response is

"the domain is mapped to several IPs and due to the command 'dynamic-filter ambiguous-is-black' then it will be blocked. You can create an entry under the White-list in order to access the Website and keep the "ambiguous" command on."

The ip addresses I checked that were being associated with this domain are part of Amazon's e-commerce space. I have white-listed it in a couple of ASAs to see if the underlying ip addresses are captured by the botnet filter.

0 Helpful

Robert Zeff
Level 1
Level 1
In response to mrrlg

‎12-01-2012 06:59 PM

I think these are all pop-up ads.  I thought about white-listing, but we've been blcking thousands of hits with no complaints.

We've seen pop up ads that contain malware, so unless someone complains, we'll not white-list.

What is ambiguoius, I wonder?  There is no forward - reverse lookup matches for all of these IPs?

0 Helpful

grahamt
Level 1
Level 1

‎12-17-2012 12:08 PM

Same here. We've been blocking about 300-400k connections per day to this site for weeks. Zero complaints. I did a capture and it seemed related to either ads or analytics for Fox Sports websites.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card