I am getting IPS alerts when I use my Astaro as a name server for my internal systems.
From a command line I do nslookup, then set the server to 10.0.0.1 "that's my Astaro", then attempt to look up any name. I get the following from any machine I test:
Intrusion Protection Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: BAD-TRAFFIC Conficker C/D DNS traffic detected
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=15450
Time...........: 2009:05:30-00:19:01
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: A Network Trojan was detected
IP protocol....: 17 (UDP)
Source IP address: 10.0.0.6
- http://www.dnsstuff.com/tools/ptr.ch?ip=10.0.0.6
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
Source port: 56236
Destination IP address: 10.0.0.1 (roberts-house.homeip.net)
- http://www.dnsstuff.com/tools/ptr.ch?ip=10.0.0.1
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
Destination port: 53 (domain)