Hey all
I have a 2.0 proxy server between my internal net and my ISP. Well i put a box in-between the 2 with snort on it and found that proxy server is receiving tons of replies from the isp dns server. They show up as if the dns server was trying to runa portscan. After digging a little I found that MPS has integrated web cacheing. I know make the assumption that it is keeping track of all the webpages that everyone is going to and then periodically checks the ip against the dns server. Ifthis is right or wrong let me know.
The question is: is there anyway to control this feature. I havent come accross an option on the management console for this. My snort logs show that it does it only twice during the night 3 hour interval. Then it does it at 8:17, then 8:40 8:49,8:52 and then not til 12:24. I would really like it to only verify two or three times a day.
Thanks in advance.
Rad
