Fortiview showing heavy dns traffic from my account

Forum|Forum|7 years ago
January 28, 2019
1 reply
3208 views

I have noticed from Fortiview that my user account is listed as a top source of traffic, it is coming from the primary domain controller and it is DNS traffic. I did a screenshot. the first one part marked out is my user name, the next is the primary domain controller/dns ip and the last is name of the domain controller. How do I remedy this?

dns traffice.PNG

Dave_Hall

New Member

Not sure I understand what the problem is? Unless you took a screenshot of total traffic, it's not uncommon to see a lot of DNS traffic, though 17,651 seems excessive (which is why I thought that graph is total traffic). I am guessing DNS is setup on the DC. If you think there is an issue, you may want to check the DNS settings/logs on the DC and/or check your workstation for DNS resolution issues and/or physical cable/NIC issues (e.g. duplex/speed/faulty wiring/cable). I am going to assume the DC is in separate subnet than your workstation?

WilnelAuthor

New Member

yes the dc is on a separate subnet from my workstation. Also it gets well to at least 21000 and thats every hour.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded