Command and Control Servers: More Information

 

Command and control (C&C) servers remotely send malicious commands to a botnet, which is a network of compromised computers. Botnets can be used to gather sensitive information, such as account numbers or credit card information, or to participate in a distributed denial-of-service (DDoS) attack.

When a host on your network tries to initiate contact with a possible C&C server on the Internet, the SRX Series device can intercept the traffic and perform an enforcement action based on real-time feed information from Juniper ATP Cloud. The Web UI shows details for each C&C server, including its IP address, its threat level, and the number of times it has been contacted.

An FP/FPN button lets you report a false positive or a false negative for each C&C server listed. When you report a false negative, Juniper ATP Cloud assigns a C&C threat level equal to the global threat level threshold you assign in the global configuration (Configure > Global Configuration).

Juniper ATP Cloud blocks the host from communicating with the C&C server and, depending on your configuration settings, can allow the host to communicate with other servers that are not on the C&C list. The C&C threat level is calculated using a proprietary algorithm.

You can also use the show services security-intelligence statistics or show services security-intelligence statistics profile profile-name CLI commands to view C&C statistics.

In the following example, the C&C profile name is cc_profile.

You can also use the show services security-intelligence category detail category-name category-name feed-name feed-name count number start number CLI command to view more information about the C&C servers and their threat level.

Note

Set both count and start to 0 to display all C&C servers.

For example: