So many ntopng error flows.
I have unexpected DNS and DHCP setup with notifications. I get so many unexpected DNS server traffic alerts and suspicious DGA Domains alerts.
Could you please explain what this means? I would have thought these were DNS queries rather than DNS servers.
Also, the suspicious DGA domains do not look like suspicious DGA domains to me.
Thanks
[31/07/2022 12:22:15] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:5817 150.171.10.36:53] Suspicious DGA Domain tm1.edgedns-tm.info
[31/07/2022 12:22:15] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:49824 13.107.206.36:53] Suspicious DGA Domain tm2.edgedns-tm.info
[31/07/2022 12:22:16] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:31624 64.4.48.4:53] Suspicious DGA Domain tm1.edgedns-tm.info
[31/07/2022 12:22:16] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:30005 40.90.4.4:53] Suspicious DGA Domain tm1.edgedns-tm.info
[31/07/2022 12:22:16] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:6593 150.171.16.36:53] Suspicious DGA Domain tm2.edgedns-tm.info
[31/07/2022 12:22:16] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:52333 150.171.16.36:53] Suspicious DGA Domain tm1.edgedns-tm.info
[31/07/2022 12:22:16] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:53105 150.171.16.36:53] Suspicious DGA Domain tm2.edgedns-tm.info
[31/07/2022 12:22:16] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:36707 13.107.160.4:53] Suspicious DGA Domain tm2.edgedns-tm.info
[31/07/2022 12:22:34] [hn1] [Error] [Susp. DNS Traffic][Flow][172.16.101.12:64588 pfsense.home.arpa:53] Susp. DNS Traffic
[31/07/2022 12:22:35] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:55833 8.8.8.8:53] Unexpected DNS server found: 8.8.8.8
[31/07/2022 12:22:35] [hn1] [Error] [Unexpected DNS server found][Flow][172.16.101.10:39586 8.8.8.8:53] Unexpected DNS server found: 8.8.8.8
[31/07/2022 12:22:46] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:36173 13.107.206.39:53] Unexpected DNS server found: 13.107.206.39
[31/07/2022 12:22:46] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:28044 216.239.38.107:53] Unexpected DNS server found: 216.239.38.107
[31/07/2022 12:22:46] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:49998 150.171.10.240:53] Unexpected DNS server found: 150.171.10.240
[31/07/2022 12:22:46] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:53977 150.171.10.39:53] Unexpected DNS server found: 150.171.10.39
[31/07/2022 12:22:46] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:58765 40.90.4.1:53] Unexpected DNS server found: 40.90.4.1
[31/07/2022 12:22:46] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:46440 198.51.45.72:53] Unexpected DNS server found: 198.51.45.72
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:64531 192.82.134.30:53] Unexpected DNS server found: 192.82.134.30
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:5761 13.107.160.3:53] Unexpected DNS server found: 13.107.160.3
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:63264 40.90.4.1:53] Unexpected DNS server found: 40.90.4.1
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:61041 23.216.54.94:53] Unexpected DNS server found: 23.216.54.94
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:50701 13.107.160.2:53] Unexpected DNS server found: 13.107.160.2
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:13972 13.107.160.3:53] Unexpected DNS server found: 13.107.160.3
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:65156 64.4.48.3:53] Unexpected DNS server found: 64.4.48.3
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:16158 13.107.24.2:53] Unexpected DNS server found: 13.107.24.2
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:15391 13.107.24.1:53] Unexpected DNS server found: 13.107.24.1
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:40988 13.107.160.1:53] Unexpected DNS server found: 13.107.160.1
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:4281 13.107.24.6:53] Unexpected DNS server found: 13.107.24.6
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:39464 64.4.48.4:53] Unexpected DNS server found: 64.4.48.4
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:33985 13.107.24.2:53] Unexpected DNS server found: 13.107.24.2
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:41692 40.90.4.3:53] Unexpected DNS server found: 40.90.4.3
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:37578 13.107.24.3:53] Unexpected DNS server found: 13.107.24.3
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:22963 64.4.48.3:53] Unexpected DNS server found: 64.4.48.3
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:36671 64.4.48.5:53] Unexpected DNS server found: 64.4.48.5
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:7651 13.107.160.2:53] Unexpected DNS server found: 13.107.160.2
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:65394 13.107.24.3:53] Unexpected DNS server found: 13.107.24.3
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:11655 40.90.4.1:53] Unexpected DNS server found: 40.90.4.1
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:30572 13.107.160.4:53] Unexpected DNS server found: 13.107.160.4
[31/07/2022 12:22:49] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:4934 13.107.206.34:53] Unexpected DNS server found: 13.107.206.34
[31/07/2022 12:22:50] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:14276 184.85.248.193:53] Unexpected DNS server found: 184.85.248.193
[31/07/2022 12:22:50] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:38059 13.107.160.5:53] Unexpected DNS server found: 13.107.160.5
[31/07/2022 12:22:50] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:15438 13.107.160.1:53] Unexpected DNS server found: 13.107.160.1
[31/07/2022 12:22:50] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:58244 40.90.4.2:53] Unexpected DNS server found: 40.90.4.2
[31/07/2022 12:52:48] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:18558 13.107.160.4:53] Suspicious DGA Domain tm2.edgedns-tm.info
[31/07/2022 12:52:48] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:20496 13.107.160.4:53] Suspicious DGA Domain tm2.edgedns-tm.info
[31/07/2022 12:52:48] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:29207 13.107.160.4:53] Suspicious DGA Domain tm2.edgedns-tm.info
[31/07/2022 12:52:48] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:23340 13.107.160.4:53] Suspicious DGA Domain tm2.edgedns-tm.info
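
An added example, not part of the original post and not ntopng code: a small Python parser for alert lines of the shape shown in the log above, grouping them by alert type and client so the distinct port-53 destinations per host can be reviewed. The regular expression is an assumption inferred from these log lines only, and `SAMPLE` is a handful of lines copied from the post.

```python
import re
from collections import Counter, defaultdict

# Assumed line shape (inferred from the log in the post, not from ntopng docs):
# [date time] [iface] [severity] [alert][Flow][client:port server:port] message
ALERT_RE = re.compile(
    r"\[(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] "
    r"\[(?P<iface>[^\]]+)\] \[(?P<sev>[^\]]+)\] "
    r"\[(?P<alert>[^\]]+)\]\[Flow\]"
    r"\[(?P<cli>\S+):(?P<cport>\d+) (?P<srv>\S+):(?P<sport>\d+)\]"
    # Message runs until the next timestamp or end of input, so entries
    # pasted together on one line are still split correctly.
    r"\s*(?P<msg>.*?)\s*(?=\[\d{2}/\d{2}/\d{4} |\Z)",
    re.S,
)

def parse_alerts(text):
    """Return one dict per alert entry, with whitespace normalised."""
    return [{k: " ".join(v.split()) for k, v in m.groupdict().items()}
            for m in ALERT_RE.finditer(text)]

def summarise(alerts):
    """Group by (alert type, client): event count, servers, messages."""
    groups = defaultdict(
        lambda: {"events": 0, "servers": set(), "messages": Counter()})
    for a in alerts:
        g = groups[(a["alert"], a["cli"])]
        g["events"] += 1
        g["servers"].add(a["srv"])
        g["messages"][a["msg"]] += 1
    return dict(groups)

# Lines copied from the post; the first two are left run together on purpose.
SAMPLE = (
    "[31/07/2022 12:22:15] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:5817 150.171.10.36:53] Suspicious DGA Domain tm1.edgedns-tm.info "
    "[31/07/2022 12:22:15] [hn0] [Error] [Susp. DGA Domain][Flow][192.168.8.67:49824 13.107.206.36:53] Suspicious DGA Domain tm2.edgedns-tm.info\n"
    "[31/07/2022 12:22:34] [hn1] [Error] [Susp. DNS Traffic][Flow][172.16.101.12:64588 pfsense.home.arpa:53] Susp. DNS Traffic\n"
    "[31/07/2022 12:22:35] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:55833 8.8.8.8:53] Unexpected DNS server found: 8.8.8.8\n"
    "[31/07/2022 12:22:35] [hn1] [Error] [Unexpected DNS server found][Flow][172.16.101.10:39586 8.8.8.8:53] Unexpected DNS server found: 8.8.8.8\n"
    "[31/07/2022 12:22:46] [hn0] [Error] [Unexpected DNS server found][Flow][192.168.8.67:36173 13.107.206.39:53] Unexpected DNS server found: 13.107.206.39\n"
)

if __name__ == "__main__":
    for (alert, client), g in sorted(summarise(parse_alerts(SAMPLE)).items()):
        print(f"{alert:30} {client:15} events={g['events']} "
              f"servers={sorted(g['servers'])}")
```
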