NtopNG Incorrect WAN Hostname in Alerts
-
Greetings,
Tried searching first, of course, but didn't see what i was after.
Troubling item : in the NtopNG interface for alerts, the alerted flows display the remote hostname:port properly, but the flow's reported hostname for my WAN interface is all over the map. Seemingly random hostnames are showing.
It's as though NtopNG attempts to resolve my WAN IP and gets ... hostnames from all over the place. A restart of NtopNG corrects for a short while, then back to craziness.
Any ideas as to why this is? Thanks!
-
Still ongoing. Not sure where it's even getting the hostnames ... doesn't seem to be triggered by anything in particular and isn't tied to legit outgoing visits either.
There is no one else ever seeing their WAN interface's hostname being displayed in alerts as random hostnames?
-
@anotheruserwithquestions
Yes same issue. Our WAN interfaces got names like www.youporn.com, reddit.com, xvideos.com, etc.
In the Host details page, the Source of the "Additional Host Names" is DNS Resolution.
In the ntopng settings page, we changed the DNS Mode
from "Decode DNS responses and resolve local numeric IPs only (default)" to "Don't decode DNS responses and don't resolve numeric IPs". It helped for a while and then the wrong names started coming back again.
-
@cheemg Facing the same issue. On wan address, it is saying DNS Name xvideos.com , which is not a good thing in professional market.
-
@ShahidAkhter
We have same problem xvideos as name host. There must be a solution somwhere. Anyone any idea?