[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

DNS queries in Windows XP Professional (SP2)

Posted on 2006-03-20
6
Medium Priority
?
191 Views
Last Modified: 2013-12-04
My firewall is logging frequent attempts by programs on my computer (such as Lotus Notes, Firefox or the Spooler SubSystem App (c:\windows\system32\spoolsv.exe) to communicate with (seemingly random) servers on the internet on port 53.  They are not attempting to access the DNS servers configured in my network settings.  

Does this mean that I have some sort of infection?  

I have scanned my hard disk with several anti-virus and anti-malware programs and have so far discovered nothing ominous.

Is there a way of discovering whether they are doing genuine dns queries or not?  I had a quick look at Ethereal for example.  Unfortunately with my level of knowledge the output was all greek to me.  (Make that ancient greek mixed up with higher, pure mathematics.)

0
Comment
Question by:twixt
5 Comments
 
LVL 15

Expert Comment

by:Computron
ID: 16244243
Are they using TCP or UDP ? Grab the IPs and see if the IP is a legitimate DNS server

The most likely cause is that your configured DNS server has a forwarder that sends you to another DNS server
0
 
LVL 9

Expert Comment

by:imnajam
ID: 16244674
Hi Computron,

check the ipconfig and network settings for those computers, and see what are the primary and secondary DNS servers over there. make sure that they are your local DNS server.

Cheers!
0
 

Author Comment

by:twixt
ID: 16245075
Hi Computron

I hadn't paid attention to that earlier, I wasn't logging that.  But having a look at the past half an hour or so, it appears they are using UDP.  I'll check further when I am online a bit longer.


Hi imnajam

I have looked at the network settings.  The network adaptor has two DNS servers assigned by the ISP.  But these programs are trying to contact servers (I assume) which are not configured.


Thanks
0
 

Accepted Solution

by:
GranMod earned 0 total points
ID: 16559905
PAQed with points refunded (500)

GranMod
Community Support Moderator
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Screencast - Getting to Know the Pipeline
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question