ET INFO Observed&Dropped DNS Query to .biz/.cloud TLD

Started by Amr, February 24, 2020, 03:28:11 PM

Hey guys how's it going,

My IPS alerts are flooded (+3k in an hour) with these messages even when I'm idle (there's currently 1 PC connected to the FW).

What is weird is that the source shown is my WAN address. I tried to check the FW log to see if the connection on these ports was initiated from my LAN, but it wasn't; it seems that my FW is the one making these DNS queries,
and they are not sent from port 53 (the DNS port).

Should I be worried? Is it outbound that's making all these queries?

I've got a transparent proxy with web filtering and AV scanning; could it be the proxy?

Would it be better if I selected the LAN interface instead? :o
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.