Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Command and Control Servers Overview

 

Access this page from the Monitor menu.

Note

C&C and Geo IP filtering feeds are only available with a Juniper ATP Cloud premium or basic license.

Note

At this time, C&C URL feeds are not supported with SSL forward proxy.

The C&C servers page lists information on servers that have attempted to contact and compromise hosts on your network. A C&C server is a centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them.

Benefits of Command and Control Server Feeds

  • Using C&C feeds adds another layer of protection to your network, preventing the creation of botnets from within your network. Botnets gather sensitive information, such as account numbers or credit card information, and participate in distributed denial-of-service (DDoS) attacks.

  • Using C&C feeds also prevents botnets from communicating with hosts within your network in an attempt to gather information or launch an attack.

Note

You can allowlist C&C servers from the details page. See Command and Control Server Details.

The following information is available on this page.

Table 1: Command & Control Server Data Fields

Field

Definition

C&C Server

The IP address of the suspected command and control server.

C&C Threat Level

The threat level of the C&C server as determined by an analysis of actions and behaviors.

Hits

The number of times the C&C server has attempted to contact hosts on your network.

C&C Country

The country where the C&C server is located.

Last Seen

The date and time of the most recent C&C server hit.

Protocol

The protocol (TCP or UDP) the C&C server used to attempt communication.

Client Host

The IP address of the host the C&C server attempted to communicate with.

Action

The action taken on the communication (permitted or blocked).