For some time, I had a computer connecting to the following IPs:
5.45.62.92
181.41.213.131
179.61.195.50
69.64.57.69
and my IPS system has been flagging them as non-compliant DNS traffic. The IPs are located in Chile, Brazil, and the CZECH REPUBLIC.
Can some light please be shed on the purpose of this? For the time being, i blocked any and all traffic to and from these IPs.
Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set. From: X.X.X.X:50525, to: 5.45.62.92:53, protocol: UDP 8:18 pm 02/10/2020
Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set. From: X.X.X.X:50523, to: 181.41.213.131:53, protocol: UDP 8:18 pm 02/10/2020
Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set. From: X.X.X.X:50520, to: 179.61.195.50:53, protocol: UDP 8:18 pm 02/10/2020
Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set. From: X.X.X.X:53725, to: 69.64.57.69:53, protocol: UDP 8:17 pm 02/10/2020
Threat Management Alert 1: Potential Corporate Privacy Violation. Signature ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set. From: X.X.X.X:53725, to: 69.64.57.69:53, protocol: UDP 8:17 pm 02/10/2020
Are you part of the IT Department or an End-User? If the latter, you need to go see your IT Department.
If the former, you should be posting here: https://forum.avast.com/index.php?board=77.0