[7.500][BUG][ANSWERED] PPTP / DNS / IPS issue

Hi folks,

another isse - when I diailin using PPTP (SSL VPN has the same) I can't resolve INTERNAL host via DNS. External hosts are working.

As soon I disable IPS I can resolve my internal host too...

IPS-Log:

2009:09:28-10:57:27 gateway snort[14244]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="DNS dns response for rfc1918 192.168/16 address detected" group="241" srcip="192.168.x.x" dstip="192.168.1.zzz" proto="17" srcport="53" dstport="62137" sid="15935" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0" 

2009:09:28-10:57:27 gateway snort[14244]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="DNS dns response for rfc1918 192.168/16 address detected" group="241" srcip="192.168.y.y" dstip="192.168.1.zzz" proto="17" srcport="53" dstport="49482" sid="15935" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"

Parents

0 andyk007 over 15 years ago

hm looks like an false postive of ips. Is it possible that you can create us an tcpdump of the traffic if the problem exist?

greetings
andreas
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 andyk007 over 15 years ago

hm looks like an false postive of ips. Is it possible that you can create us an tcpdump of the traffic if the problem exist?

greetings
andreas
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data