Why is BotHunter attempting to make outbound connections?
BotHunter is attempting to contact the BotHunter automated threat intelligence updating service and infection profile repository (located at SRI International, California, USA).

The threat updating service periodically polls the SRI server to pull in the latest botnet command and control (C&C) blacklist, malware DNS list, and new malware detection rules, which are updated on a regular basis. This keeps your fielded BotHunter aware of the latest C&C servers, malware-associated DNS lookups, Russian Business Network address space, and malware control/backdoor ports.

The repository service allows your fielded BotHunter to send anonymized infection profiles of detected external C&Cs, egg download sites, exploit sources, and rule detection patterns. It does not report any IP addresses from your trusted network, and BotProfile sources are anonymized and are not tracked.

To use the BotHunter automated remote updating service, you must enable outbound connections