Our firewall periodically reports the following event. There is no pattern to the dates or times that it occurs, but it has been occurring for months. The internal information appears to be randomly generated from possibly AD. The computer referenced is not even on the network and the IP address was random as well; however, it was in the range used by our VPN.
I have performed WHOIS on the IP and domain, and ikatel.net is registered to a company in Mali.
I have not found anything on local workstations.
Deny tcp src inside:XXX.XXX.X.XXX (systemax)/3888 dst outside:196.200.80.222 (dial222.ikatelnet.net)/25 by access-group "inside_access_in"
Has anyone seen this or something similar that just drives them crazy?