What is the deal with the Alien Vault notifications in Spiceworks Alerts telling me that some of my servers are communicating with suspicious IP's? I have a full AV solution on all servers and I get at least 3-4 servers a day talking to suspicious IP's...whats weirder is that we also have a Sonicwall in place with GEO-IP filters in place to block any IP originating in the designated countries I setup. I can go to certain websites and its blocked by the firewall, but why are my servers talking to suspicious IP's based in countries I have blocked at the gateway/firewall level?
↧