02-25-2019 09:34 AM - edited 02-20-2020 09:08 PM
I'm trying to figure out an interesting case I have on hand. Our SF IPSes running on 6.1.0.3 (build 57) are detecting these CNC Torpig bot sinkhole server DNS lookup events coming from our internal Barracuda ESGs. We called Barracuda technical support, but they can't find from their side what is causing the issue. I talked to Cisco TAC and they believe there is a client relaying DNS queries through these Barracuda boxes. Has anyone experienced this same issue I'm having?