Question asked by Mikel Aanstoot on Nov 24, 2018
Hello, I have configured DNS trap, first in R77.30 and now in R80.10, according to sk74060. I also added an internal DNS server for better identification. We see some internal DNS trap alerts coming from the internal DNS server. We cannot identify the real client that is actually making the DNS request. I think we have to correlate this ourselves from the DNS log of the internal DNS server?

But we also see that the external IP address we are using for DNS trap is attracting a lot, really a lot, of external IP addresses trying to access this IP address on almost every port. Far more than the other external IP addresses in use. Can someone explain? I hope the DNS Trap IP address has not in some way now also become an external attraction? Can someone explain this in a bit more depth?


Thanks and kind regards,