Dyop_Geop
New Contributor

unknown Source Consuming bandwidth

May I ask, what could be this “viewpaulbusinezs.no-ip.org (0.0.0.0)” mentioned in the screenshot below? In the screenshot also is the configuration of the widget for your reference. How can I trace what is this or who is this?
Dave_Hall
Honored Contributor

What shows up if you do not resolve hostnames? Are you able to click on the entry for detailed info? (Most logs allow you to drill down into sessions.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

FatalHalt
Contributor II

No-IP is a dynamic DNS provider. The FortiGate might be tripping over itself trying to resolve this properly. Like Dave mentioned, try to see if the IP is present when you turn off DNS resolution.
netmin
Contributor II

To me it looks like you have (serious?) DNS issues. If this is your private network, the name is resolved by reverse lookup to the defined DNS server. Wouldn't this mean the defined (your?) DNS server thinks a host in range 172.[16-31].x.y is the displayed no-ip host? Forward lookup indeed returns 0.0.0.0 when using a public DNS.
netmin
Contributor II

...and I know that this is not something any admin ever wants to hear, so please don't beat me for this: Taking your previous post into account: have you checked that this DNS server is still working safe and secured under your control?

Dyop_Geop
New Contributor

Hi Sir Dave, thanks for the reply. I can't click the entry. Right now, viewpaulbussinezs is gone. Only 0.0.0.0 is showing (please see attached). Sorry, I'm not familiar with how to check in the FortiGate if there are unresolved hostnames. How do I do this?
Dyop_Geop
New Contributor

Hi netmin, thanks too for replying. The other DNS issue I posted is a different case.
Dyop_Geop
New Contributor

If I right-click the entry and select View Matching Sessions, this is what I get. (I dunno if this can help.)
emnoc
Esteemed Contributor III

If you can find the policy-id#, then you can confirm from the CLI:

    diag sys session filter policy 1
    diag sys session list

PCNSE, NSE, StrongSwan
Istvan_Takacs_FTNT

I'd suggest reading the following article first: Microsoft Seized No-IP Domains, Millions of Dynamic DNS Service Users Suffer Outage
http://thehackernews.com/2014/06/microsoft-seized-no-ip-domains-millions.html

Then run an updated virus/malware scanner on your LAN hosts. BTW, 0.0.0.0 means that the host has no published record:

    $ dig +short @nf1.no-ip.com viewpaulbussinezs.no-ip.org
    0.0.0.0