Viewing Detected Suspicious Clients

SonicOS/X displays information about all hosts that have established a DNS tunnel in the Detected Suspicious Clients Info table.

To view detected suspicious client Information

1. Navigate to Network | DNS > DNS Security.
2. Click on the Detected Suspicious Clients Info tab.

This table is populated only if DNS tunnel detection is enabled. Hosts are dropped only if blocking clients DNS traffic is enabled. For more information, refer to Configuring DNS Tunneling Detection.

IP Address	IP address of the suspicious client
MAC Address	MAC address of the suspicious client
Detection Method	DNS type used to detect suspicious clients: Normal DNS Type: A, AAAA, CNAME Corner DNS Type: such as TXT, NULL, SRV, PRIVATE, MX
Interface	Interface on which the host establishing the DNS tunnel was detected
Block	Indicates whether the host was blocked