Community Record
7
Posts
1
Kudos
0
Solutions
Badges
Apr 11 2024
4:41 AM
We run 18.107.2 firmware so I believe we should be runing snort 3.
... View more
Apr 3 2024
5:10 AM
1 Kudo
Thank you Malwina, That is exactly what I see in my local DNSs servers. A lot sites related to microsoft.com so I believe these are a false alarm. Can I whitelist them? I would prefer not to disable them, but whitelist somehow.
... View more
Apr 2 2024
10:17 AM
I have looked through Sysmon logs -22- DNS and don't see anything related to .win on both servers. Just see a bunch of Windows update links to Microsoft so I am not sure if this is false or this real.
... View more
Apr 2 2024
8:41 AM
thanks, I see them now: my DNS1 or DNS2 to ISP DNS (set up on local DNS servers 1&2) and I see them a lot. I have installed Sysmon on both DC/DNS1&2 but I don't see any .win query.
... View more
Apr 2 2024
5:04 AM
Thanks, I dont see any ".win" request in my local DNS logs so it seems like its external. Since we use MX is there any way to check these queries in the log and see what device requests it?
... View more
Apr 2 2024
4:36 AM
Hello, Not sure if this is something we should worry about: Suspicious .win dns query I have looked at local DNS(logs enabled) and I don't even see .win queries in the logs.
... View more
Labels:
- Labels:
-
Firewall
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 1 | 2797 |
