Topic: ET INFO Observed&Dropped DNS Query to .biz/.cloud TLD (Read 6490 times)
Amr
« on: February 24, 2020, 03:28:11 pm »
Hey guys, how's it going,
My IPS alerts are flooded (+3k in an hour) with these messages even when I'm idle (there's currently 1 PC connected to the FW).
What is weird is that the source shown is my WAN address. I tried to check the FW log to see if the connection on these ports was initiated from my LAN, but it wasn't; it seems that my FW is the one making these DNS queries,
and they are not sent from port 53 (the DNS port).
Should I be worried? Is it outbound that's making all these queries?
I've got a transparent proxy with web filtering and AV scanning; could it be the proxy?
Would it be better if I selected the LAN interface instead?
« Last Edit: February 24, 2020, 03:36:35 pm by Amr »
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.