We are running a trial of the ASA 8.2 BotNet Filter on our production ASA. In the alerts we keep getting notices of a Very High alert for 126.96.36.199. When we look it up we end up seeing that it resolves as hit-nxdomain.opendns.com. Our hunch is that this is traffic that would have been malicious, but that since we use OpenDNS to do some filtering it's returning its own address.
Anyone else ran into this?