
DNS.exe coming from foreign IP addresses

Asked by new435 (United States of America)
Topics: Security, OS Security, Windows Server 2008
We have a client who has been getting some unauthorized access errors lately. I just looked into the server (it is almost 10pm where I am) and noticed a whole bunch of DNS.EXE services on the server with foreign IP addresses. After a few minutes of watching, they suddenly disappeared and everything looks normal.

Needless to say, I am wondering if my client is getting attacked, but I am more worried about whether these users are actually gaining access. I noticed yesterday that the IP 203.120.219.196 had attempted logins on the server, and this traces back to the Asia Pacific Network Information Center. I wish I had had time to write down the other IPs that had the DNS.EXE services running on the machine, but they disappeared. It doesn't surprise me that some unauthorized accesses are attempted, given how prevalent port scanning attacks and such are, but the DNS.EXE services to the foreign addresses worried me.

I've since shut down RDP services to the server. Should the server have these DNS.EXE services accessing the network? My guess is not. I was looking for a way to help mitigate these threats and I am going to recommend a newer, better firewall for the client. Other than that, what else can I do?

Some Background Information:

Windows Server 2008
Runs AD, DHCP, DNS, File Sharing, Firewall is disabled for program accessing purposes.
The current firewall is a Netscreen 5XP (hence my need to recommend a better one)

If I go into the security access logs I often see:
Source Network Address: ::1
Source Port: 0
What does that mean?

In addition the Windows Logon process on the server has been failing lately, usually once or twice a day.

Thanks!
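
One way to capture and triage the connections described in the question, as an added example that is not part of the original thread: it parses saved `netstat -ano` output for the PID that owns dns.exe and sorts each remote endpoint into loopback (such as `::1`), internal, or external, separating external traffic that involves the DNS port from anything else. The sample output, PID 1480, the internal ranges and the category names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (documentation-range addresses).
# PID 1480 is an assumed stand-in for dns.exe; look up the real PID in Task Manager.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:53        198.51.100.23:51234    ESTABLISHED     1480
  TCP    192.168.1.10:49755     203.0.113.9:53         ESTABLISHED     1480
  TCP    192.168.1.10:49760     203.0.113.77:8443      ESTABLISHED     1480
  TCP    192.168.1.10:53        192.168.1.44:50311     TIME_WAIT       1480
  TCP    [::1]:53               [::1]:49200            ESTABLISHED     1480
  TCP    192.168.1.10:3389      198.51.100.200:60122   ESTABLISHED     1012
  UDP    0.0.0.0:53             *:*                                    1480
"""

# Ranges treated as "internal" here (assumption: a typical private LAN).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def classify(netstat_text, pid, service_port=53):
    """Return [(remote_endpoint, category)] for connected sockets owned by pid."""
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 columns; UDP rows have no State column. PID is last.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or f[-1] != str(pid):
            continue
        lport = f[1].rsplit(":", 1)[1]
        rhost, rport = f[2].rsplit(":", 1)
        if rhost == "*" or rport in ("0", "*"):
            continue  # listening or unconnected socket, no remote peer
        addr = ipaddress.ip_address(rhost.strip("[]").split("%")[0])
        if addr.is_loopback:
            cat = "loopback"            # 127.0.0.0/8 or ::1, the server itself
        elif any(addr in net for net in INTERNAL):
            cat = "internal"
        elif int(lport) == service_port:
            cat = "external-inbound"    # outside host querying this DNS server
        elif int(rport) == service_port:
            cat = "external-outbound"   # this server querying an outside DNS server
        else:
            cat = "external-other"      # not DNS traffic; needs a closer look
        findings.append((f[2], cat))
    return findings

if __name__ == "__main__":
    for remote, cat in classify(SAMPLE, 1480):
        print(f"{cat:18} {remote}")
```

Running `netstat -ano` on a schedule into timestamped files gives this parser something to work on after short-lived connections have disappeared.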
ASKER CERTIFIED SOLUTION
Andrej Pirman
