Traffic matched by content rules
  •  
perbauer

I sometimes get an alert message from Content Rule "Block Peer-to-Peer traffic" and in the message it says:
Connection: xyz.local (192.168.x.x):61624 (Administrator<_at_>xyz.local) -> 8.8.8.8:53, DNS

How come I get an alert for (what to me looks like) normal DNS traffic? xyz.local is a legit DNS server that uses Forwarding to Google's DNS at 8.8.8.8. Is it the outgoing port (in this case 61624) that triggers the rule?
Anyone got any idea on how to avoid these alerts?
  •  
markt

Have you checked the settings under Content Filter -> Advanced Settings that relate to suspicious activity (port ranges and connection count)?
  •  
markt

Have you looked at the settings under Content Filter > Advanced Settings?
These relate to the detection of P2P traffic based on ports and connection counts. You can also define services that are classified 'Safe'.
  •  
perbauer

Sure I have, see my first line "alert message from Content Rule". I know where it comes from but why? Why does port 53 here in this case produce an alert?

53 is, after all, the standard port for DNS, used thousands of times a day between the internal server and the external DNS server. Here suddenly one DNS question gets an alert. Again I ask, why is it so?

Perhaps it's better I report it as a bug, because that's what I think it is.
Current Time: Mon Dec 05 09:29:20 CET 2016
