For a few days, Fortiguard sends me this alert: Quest.NetVault.Backup.Multipart.Request.Header.Buffer.Overflow
The packets come from the visitor wifi network and they are sent to google.com.
I sent a message to Fortinet support and waiting for the answer.
I assume it can be a false positive but the attack context in alert look like:
"AAAAAAAAAAAAAAAAAAAAAAAAAAA8dKW2P=AAAAA"
(not the real string but it contains some “AAAAA” and some base64 string).
How can I investigate further?
