OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Amr on February 24, 2020, 03:28:11 pm

Title: ET INFO Observed&Dropped DNS Query to .biz/.cloud TLD
Post by: Amr on February 24, 2020, 03:28:11 pm
Hey guys, how's it going,

My IPS alerts are flooded (+3k in an hour) with these messages even when I'm idle (there's currently 1 PC connected to the FW).

What is weird is that the source shown is my WAN address. I tried to check the FW log to see if the connection on these ports was initiated from my LAN, but it wasn't; it seems that my FW is the one making these DNS queries,
and they are not sent from port 53 (the DNS port).

Should I be worried? Is it outbound that's making all these queries?

I've got a transparent proxy with web filtering and AV scanning. Could it be the proxy?

Would it be better if I selected the LAN interface instead? :o