
Odd "DNS" traffic

I am seeing log entries like this every 15 seconds:
2015:08:03-22:57:29 sophosutm ulogd[5274]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="x.x.x.x" dstip="208.67.220.220" proto="17" length="28" tos="0x00" prec="0x00" ttl="64" srcport="43978" dstport="53" info="nf_ct_dns: dropping packet: Inappropriately formated record: Only -45 left for type and class

2015:08:03-22:57:29 sophosutm ulogd[5274]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="x.x.x.x" dstip="208.67.222.222" proto="17" length="28" tos="0x00" prec="0x00" ttl="64" srcport="56030" dstport="53" info="nf_ct_dns: dropping packet: Inappropriately formated record: Only -12 left for type and class

Anyone else seeing this in their logs? When I capture the traffic there is not a valid DNS request; I am just not sure what it is doing. It started as soon as I upgraded to 9.314GA, and I just completed a reinstall/restore and it is still doing it now.


  • I have this too every minute.
    I have set up my DNS forwarders as an availability group with checking on port 53 UDP (according to the best practice mentioned in this board):


    I guess this is the cause...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
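The two entries quoted in the first post have proto 17 (UDP), dstport 53 and length 28, which is exactly an IPv4 header (20 bytes, no options) plus a UDP header (8 bytes): the datagram carries no DNS payload at all. That matches the capture showing no valid DNS request and fits the availability-group health-check explanation, since a plain port check can send an empty datagram that the nf_ct_dns conntrack helper then rejects as a malformed record. The script below is an added example, not code from the thread or from Sophos. It parses ulogd lines in this format, isolates empty UDP/53 datagrams that nf_ct_dns dropped, and checks whether they go to the configured forwarders at a steady interval. The sample log is constructed from the thread's two lines (with a private source address and two later repeats plus one unrelated full-sized packet); the forwarder list and the assumption that ulogd's length is the IPv4 total length with no IP options are mine.

```python
"""Triage of Sophos UTM ulogd "Packet logged" lines carrying nf_ct_dns drops.

Added example, not code from the thread.  Parses the key="value" format
of the ulogd entries quoted in the thread, flags entries that are UDP
datagrams to port 53 with no payload at all, and reports how regularly
each destination is hit.  Assumptions: ulogd's length field is the IPv4
total length and the packets carry no IP options, so length 28 means
20 (IP) + 8 (UDP) and an empty payload; the forwarder list below is
taken from the destination addresses in the thread.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

TS_FORMAT = "%Y:%m:%d-%H:%M:%S"
IPV4_HDR_LEN = 20   # assumed: IPv4 header without options
UDP_HDR_LEN = 8
# key="value" pairs; the last value in the thread's lines has no closing
# quote, so accept end-of-line as a terminator as well.
KV_RE = re.compile(r'(\w+)="([^"]*)(?:"|$)')

# Assumed forwarder set, taken from the dstip values in the thread.
FORWARDERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample log: the thread's two lines with a private source
# address, a repeat of each 15 s later, and one full-sized UDP/53 packet
# without an nf_ct_dns message.
SAMPLE_LOG = """\
2015:08:03-22:57:29 sophosutm ulogd[5274]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="192.0.2.10" dstip="208.67.220.220" proto="17" length="28" tos="0x00" prec="0x00" ttl="64" srcport="43978" dstport="53" info="nf_ct_dns: dropping packet: Inappropriately formated record: Only -45 left for type and class
2015:08:03-22:57:29 sophosutm ulogd[5274]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="192.0.2.10" dstip="208.67.222.222" proto="17" length="28" tos="0x00" prec="0x00" ttl="64" srcport="56030" dstport="53" info="nf_ct_dns: dropping packet: Inappropriately formated record: Only -12 left for type and class
2015:08:03-22:57:44 sophosutm ulogd[5274]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="192.0.2.10" dstip="208.67.220.220" proto="17" length="28" tos="0x00" prec="0x00" ttl="64" srcport="41002" dstport="53" info="nf_ct_dns: dropping packet: Inappropriately formated record: Only -45 left for type and class
2015:08:03-22:57:44 sophosutm ulogd[5274]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="192.0.2.10" dstip="208.67.222.222" proto="17" length="28" tos="0x00" prec="0x00" ttl="64" srcport="51873" dstport="53" info="nf_ct_dns: dropping packet: Inappropriately formated record: Only -12 left for type and class
2015:08:03-22:57:50 sophosutm ulogd[5274]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="192.0.2.10" dstip="208.67.222.222" proto="17" length="71" tos="0x00" prec="0x00" ttl="64" srcport="39210" dstport="53"
"""


def parse_ulogd_line(line):
    """Return (timestamp, fields) for one ulogd line."""
    head, _, rest = line.partition(": ")       # split off "date host ulogd[pid]"
    ts = datetime.strptime(head.split()[0], TS_FORMAT)
    return ts, {m.group(1): m.group(2) for m in KV_RE.finditer(rest)}


def is_empty_udp_to_53(fields):
    """UDP to port 53 whose IP total length leaves no room for a payload."""
    return (fields.get("proto") == "17"
            and fields.get("dstport") == "53"
            and int(fields.get("length", "0")) == IPV4_HDR_LEN + UDP_HDR_LEN)


def is_nf_ct_dns_drop(fields):
    """The conntrack DNS helper rejected the packet as a malformed record."""
    return fields.get("info", "").startswith("nf_ct_dns: dropping packet")


def triage(log_text, forwarders):
    """Group empty-probe drops by destination; return (report, remaining)."""
    probes = defaultdict(list)
    remaining = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, fields = parse_ulogd_line(line)
        if is_nf_ct_dns_drop(fields) and is_empty_udp_to_53(fields):
            probes[fields["dstip"]].append(ts)
        else:
            remaining.append((ts, fields))
    report = {}
    for dst, stamps in probes.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[dst] = {
            "count": len(stamps),
            "interval_s": median(gaps) if gaps else None,
            "is_forwarder": dst in forwarders,
        }
    return report, remaining


def verdict(report):
    """One-line reading per destination, keyed by dstip."""
    out = {}
    for dst, r in report.items():
        if r["is_forwarder"] and r["interval_s"] is not None:
            out[dst] = ("empty UDP/53 probe every %.0f s to a configured forwarder: "
                        "consistent with an availability-group health check, "
                        "not a DNS query" % r["interval_s"])
        else:
            out[dst] = "empty UDP/53 datagrams to an unexpected host: capture and inspect"
    return out


if __name__ == "__main__":
    rep, rest = triage(SAMPLE_LOG, FORWARDERS)
    for dst, text in verdict(rep).items():
        print(dst, "->", text)
    print(len(rest), "line(s) did not match the empty-probe pattern")
```

The length check is where the assumption sits: ulogd reports the IP total length, so a datagram with IP options would shift the arithmetic, and a genuinely malformed DNS message that nf_ct_dns also rejects would still carry a non-zero payload and land in the remaining list rather than being written off as a health check. Confirm on the box itself with a capture before treating the entries as noise, and compare the measured interval with the availability-group check interval configured on the UTM.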