I got this alert from Suricata

I’ve installed Suricata and I got this alert.
Can you tell me what that means?

The message:

“10/10/2022-23:20:01.774684 [**] [1:2023472:7] ET POLICY External IP Lookup Domain (myip .opendns .com in DNS lookup) [**] [Classification: Device Retrieving External IP Address Detected] [Priority: 2] {UDP} 192.168.1.6:59874 -> 208.67.222.222:53”

The alert means that your system is doing an IP lookup for an external resource. As you can see, it is looking up DNS servers, so I will assume some service on your machine is just doing a normal DNS lookup.


But why is this service looking up an unknown DNS server?
My primary DNS is 8.8.8.8, and the secondary is 41.226.16.50, as the screenshot shows.
Thank you.

The DNS is not unknown. That IP belongs to Cisco OpenDNS. Maybe you are using a Cisco router or some Cisco network device.

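The alert line from this thread, split into its fast.log fields and checked against the two resolvers the poster lists, as an added example (not code from the thread or from the Suricata project). The function names and the two triage checks are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Alert line from the thread in fast.log form. The regex below also accepts the
# "[]" and the arrow character that forum rendering leaves in place of "[**]" and "->".
ALERT = ('10/10/2022-23:20:01.774684 [**] [1:2023472:7] ET POLICY External IP Lookup '
         'Domain (myip .opendns .com in DNS lookup) [**] [Classification: Device '
         'Retrieving External IP Address Detected] [Priority: 2] {UDP} '
         '192.168.1.6:59874 -> 208.67.222.222:53')

FAST_LOG = re.compile(
    r'^(?P<ts>\S+)\s+\[(?:\*\*)?\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[(?:\*\*)?\]\s+\[Classification:\s*(?P<cls>[^\]]*)\]\s+'
    r'\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+'
    r'(?P<src>\S+):(?P<sport>\d+)\s+(?:->|→)\s+(?P<dst>\S+):(?P<dport>\d+)\s*$')

# Resolvers the poster says are configured on the machine (taken from the thread).
CONFIGURED_RESOLVERS = {'8.8.8.8', '41.226.16.50'}

def parse_fast_log(line):
    """Split one fast.log alert line into named fields; None if it does not match."""
    m = FAST_LOG.match(line.strip().strip('“”"'))
    if not m:
        return None
    fields = m.groupdict()
    for key in ('gid', 'sid', 'rev', 'prio', 'sport', 'dport'):
        fields[key] = int(fields[key])
    return fields

def triage(fields, resolvers=CONFIGURED_RESOLVERS):
    """Hypothetical checks: what a defender would follow up on for this alert."""
    notes = []
    if fields['dport'] == 53 and fields['dst'] not in resolvers:
        notes.append('DNS query sent to %s, which is not a configured resolver'
                     % fields['dst'])
    if ip_address(fields['src']).is_private:
        notes.append('source %s is an internal host; find the process that owned '
                     'port %d at %s' % (fields['src'], fields['sport'], fields['ts']))
    return notes

if __name__ == '__main__':
    alert = parse_fast_log(ALERT)
    print(alert['sid'], alert['msg'])
    for note in triage(alert):
        print('-', note)
```

The signature ID (2023472) is the value to look up in the ruleset to see exactly what the rule matches on.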