help with blocking hola networks

So, just this evening I started to get the following warning:

---

Intrusion Prevention Alert

An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future,
set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.

Details about the intrusion alert:

Message........: BLACKLIST DNS request for Hola VPN domain hola.org
Details........: https://www.snort.org/search?query=37307
Time...........: 2017-01-06 23:13:29
Packet dropped.: no
Priority.......: high
Classification.: Potential Corporate Privacy Violation
IP protocol....: 17 (UDP)

Source IP address: 192.168.0.6 (dc.network.net)
Source port: 58419
Destination IP address: 209.197.128.2 (dns1.distributel.net)
Destination port: 53 (domain)

---

The thing is, I've checked my PC, my DC, and my NAS, and none of them have VPNs installed, and there is nothing I can tell that should be connecting to hola.org (there was a second one with holanetworksltd.netdna-cdn.com).

Is there an effective way to make sure that no traffic is going in/out of Hola Networks VPN (a WELL known source of botnets, etc.)?



This thread was automatically locked due to age.
  • I should also clarify that I recently changed how my network was configured for DNS.

    My gateway/firewall is pointed to my internal DNS (Windows AD server), which is forwarding DNS requests to my provider's DNS first and second, and then OpenDNS as my third/fourth.

    I recently made this change, because my NAS was having trouble finding my AD server periodically.
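
Because the internal DNS server forwards queries to the provider's resolvers, the alert's source address is the DC rather than the machine that first asked for hola.org. The following added example (not part of the original thread) takes the alert's fields and searches resolver query logs for the internal client behind the lookup. It assumes DNS debug logging is enabled on the Windows DNS server, that the firewall and DC clocks agree, and that the log lines follow the Windows DNS debug log layout; the sample log lines and client addresses are constructed.

```python
import re
from datetime import datetime, timedelta

# Fields copied from the IPS alert quoted in the post.
ALERT = """\
Message........: BLACKLIST DNS request for Hola VPN domain hola.org
Time...........: 2017-01-06 23:13:29
Source IP address: 192.168.0.6 (dc.network.net)
Destination IP address: 209.197.128.2 (dns1.distributel.net)
"""

# Constructed sample lines in the style of a Windows DNS Server debug log.
# The client addresses, thread ids and packet ids are made up.
DNS_LOG = """\
1/6/2017 11:13:27 PM 0B94 PACKET  0000002A3C1D5E70 UDP Rcv 192.168.0.23    8f2a   Q [0001   D   NOERROR] A      (3)www(9)microsoft(3)com(0)
1/6/2017 11:13:29 PM 0B94 PACKET  0000002A3C1D6A10 UDP Rcv 192.168.0.31    41c7   Q [0001   D   NOERROR] A      (4)hola(3)org(0)
1/6/2017 11:13:29 PM 0B94 PACKET  0000002A3C1D6B40 UDP Snd 209.197.128.2   9d03   Q [0001   D   NOERROR] A      (4)hola(3)org(0)
1/6/2017 11:40:02 PM 0B94 PACKET  0000002A3C1D7C90 UDP Rcv 192.168.0.31    52e8   Q [0001   D   NOERROR] A      (4)hola(3)org(0)
"""

# One packet line: timestamp, direction, remote IP, optional "R" (response), name.
LINE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \S+ PACKET\s+\S+ (?:UDP|TCP) "
    r"(?P<dir>Rcv|Snd) (?P<ip>\S+)\s+\S+\s+(?P<resp>R\s)?Q\s\[[^\]]*\]\s+\S+\s+"
    r"(?P<name>\S+)$")

def decode_name(raw):
    """Turn the log's length-prefixed form '(4)hola(3)org(0)' into 'hola.org'."""
    return ".".join(p for p in re.findall(r"\(\d+\)([^()]*)", raw) if p).lower()

def clients_behind_resolver(alert, dns_log, window=timedelta(minutes=5)):
    """Return internal clients that asked the resolver for the alerted domain."""
    fields = dict(re.findall(r"^(.+?)\.*: (.*)$", alert, re.M))
    when = datetime.strptime(fields["Time"], "%Y-%m-%d %H:%M:%S")
    domain = fields["Message"].split()[-1].lower()
    resolver = fields["Source IP address"].split()[0]
    hits = set()
    for m in map(LINE.match, dns_log.splitlines()):
        # Only queries received by the resolver name the original client.
        if not m or m["dir"] != "Rcv" or m["resp"] or m["ip"] == resolver:
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        name = decode_name(m["name"])
        if abs(ts - when) <= window and (name == domain or name.endswith("." + domain)):
            hits.add(m["ip"])
    return sorted(hits)

if __name__ == "__main__":
    print(clients_behind_resolver(ALERT, DNS_LOG))
```
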
