Strange DNS traffic

Hello,

I am trying to optimize my lab environment and at the moment it is DNS I am working on.

Sonicwall is configured as proxy, external interface is 192.168.8.3.

Router is 192.168.8.1

What is strange - packet capture is showing these packets:

===========================

Ethernet Header

 Ether Type: IP(0x800), Src=[2c:b8:ed:a5:12:31], Dst=[2c:b8:ed:a5:12:31]

IP Packet Header

 IP Type: UDP(0x11), Src=[10.0.0.1], Dst=[192.168.8.3]

UDP Packet Header

 Src=[53], Dst=[57720], Checksum=0x1397, Message Length=138 bytes

Application Header

 DNS:

Value:[0]

Consumed, Module Id:48 2:2)

===========================

Seems like IP 10.0.0.1 is sending a DNS request to the external interface.

The MAC for sender and receiver is identical?

So I thought there might be some config in the firewall using 10.0.0.1 on the X1 interface, but there's none I can find in the tech support file.

Any idea what is causing this traffic?

Thx


G.

Category: Entry Level Firewalls

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @Günter I have no real explanation for this, but the 10.0.0.1 seems to give the reply packet to 192.168.8.3.

    • Did you search the TSR for 10.0.0.1?
    • Can you find 10.0.0.1 in your ARP cache?
    • Did you examine the DNS packets to see what the Request and Reply was, maybe this provides more info?

    --Michael@BWC
