Hi,
First, the upgrade to the new version worked without any problems, and the system and also Suricata are running.
What I can see over the last days are a lot of Suricata logs for connections with DNS servers.
I have a DNS server from our provider (German Telekom) and also from Google configured, and I get the messages for both systems.

| Datum: | 10/25 04:33:13 | Name: | SURICATA STREAM 3way handshake SYNACK with wrong ack |
|---|---|---|---|
| Priorität: | 3 | Typ: | Generic Protocol Command Decode |
| IP-Info: | 217.0.43.193:53 → 192.168.1.2:57442 | | |
| Referenzen: | nichts gefunden | SID: | 2210007 |

| Datum: | 10/25 04:33:13 | Name: | SURICATA STREAM 3way handshake SYNACK with wrong ack |
|---|---|---|---|
| Priorität: | 3 | Typ: | Generic Protocol Command Decode |
| IP-Info: | 8.8.8.8:53 → 192.168.1.2:46304 | | |
| Referenzen: | nichts gefunden | SID: | 2210007 |

If you look for the reference number you will find nothing, and I can also find no rule for this.
We use the VRT rules for registered users and they worked in the past without any problems.
At the moment I’m a little bit scared that Suricata blocks connections to the DNS servers and makes it so difficult to work with all the systems in the internal network.
Best
Silvio