Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1071 Views 1 Reply Latest reply: May 27, 2013 5:36 PM by tjaynes RSS
MaxPat The Place at McAfee Member 71 posts since
Jan 4, 2011
Currently Being Moderated

Nov 26, 2012 9:09 AM

UDP: Port Scan alert generated for DNS traffic

Hello:

 

NSP its presenting this alert sometimes, when a DNS request is generated from a host, it returns this error:

 

I masked the IP's, but the source IP is the DNS Server.

 

I understand is the intended behavior, but Its there a fix to this?

 

  • tjaynes Newcomer 19 posts since
    May 27, 2013
    Currently Being Moderated
    1. May 27, 2013 5:36 PM (in response to MaxPat)
    Re: UDP: Port Scan alert generated for DNS traffic

    Check the thresholds set on the UDP: Port Scan alert/signature. if it's to low, then a few simple DNS queries (that run over UDP) will trigger it. You can always bring that threshold up if there are known systems within your environment that trigger this signature. You can also filter out your DNS system since this is intended network traffic typically.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points