cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who Me Too'd this topic

THREAT ALERT : high : 169.254.254.238 -> 169.254.255.255 Microsoft Windows NAT Helper DNS Query Denial of Service(31339) alert

L3 Networker

Hello Team,

We got the below threat alert from the panorama and not able to understand the most of the part , like source and Destination . Both IP looks the outside my network but still its showing the rule: Outbound_Default_URL_IPS . One of my outbound policy with threat prevention rule. Can any one please explain me this .

Wondering How can an external IP be the source IP on an internal interface of the firewall?

THREAT ALERT : high : 169.254.254.238 -> 169.254.255.255 Microsoft Windows NAT Helper DNS Query Denial of Service(31339) alert

domain: 1
receive_time: 2014/08/13 03:10:35
serial: 001801004403
seqno: 30536660
actionflags: 0x0
type: THREAT
subtype: vulnerability
config_ver: 1
time_generated: 2014/08/13 03:10:30
src: 169.254.254.238
dst: 169.254.255.255
natsrc:
natdst:
rule: Outbound_Default_URL_IPS
srcuser:
dstuser:
srcloc: 169.254.0.0-169.254.255.255
dstloc: 169.254.0.0-169.254.255.255
app: dns
vsys: vsys1
from: trust
to: untrust
inbound_if: ethernet1/2
outbound_if: ethernet1/1
logset: Panorama
time_received: 2014/08/13 03:10:34
sessionid: 7567
repeatcnt: 1
sport: 53
dport: 53
natsport: 0
natdport: 0
flags: 0x80000000
proto: udp
action: alert
cpadding: 0
threatid: Microsoft Windows NAT Helper DNS Query Denial of Service(31339)
category: any
contenttype:
behavior: 0x0400000000000000000000000000000000000000000000000000000000000000
severity: high
direction: client-to-server
misc:

Who Me Too'd this topic