Author Topic: Lightspeed Rocket blocking  (Read 6095 times)

0 Members and 1 Guest are viewing this topic.

  • Guest
Lightspeed Rocket blocking
« on: October 29, 2013, 09:03:00 PM »
Looking over my Lightspeed blocked reports, is see that there are lots of reports of blocked activity pointing to things like The address changes slightly every time.
What is this and what effect is blocking these having on my system.
Thank you in advance.

  • Guest
Re: Lightspeed Rocket blocking
« Reply #1 on: October 31, 2013, 04:46:32 PM »
Update: It appears as if each client is trying to reach this address, as I have 60,000 blocks on a 700+ client network, to this address in the past week. The clients are set to check the EAS server before connecting to the internet for updates and each machine is updating the virus definitions properly. I have nearly as many blocks to

  • Guest
Re: Lightspeed Rocket blocking
« Reply #2 on: April 29, 2015, 10:18:24 PM »
I can across this post researching an event on our web servers. The web servers (Apache) became unresponsive with these entries in the logs: - - [28/Apr/2015:22:17:58 -0700] "GET /R/A0cKIDZENzdEMEFFRTVGNDUxMTlBQUUyMTdBMUVFRjkwNjdFEgQBIwIVGI0BIgECKgcIBBDKzcEvOICAnFBIgICAgPr_____AQ== HTTP/1.1" 404 45838 "-" "-" - - [28/Apr/2015:22:17:58 -0700] "POST /R/A2MKIGFmNzdhZTU2NDgzODQ2MGRiZmNlNzhkNmEyZTczMWMyEgQAJgIVGKACIgH_KgcIBBCmqb4vOKCRgFBCIBocnnCAdnMjL-3u6DMt9g8Y0QVWKPqxpE_s7X49_4DASICDmAg= HTTP/1.1" 404 45889 "-" "-" is our web proxy, but our web app reported an Chinanet IP as a referrer.

I'm guessing the DNS was hijacked and users were unknowingly redirected to our site for Avast updates...