We help IT Professionals succeed at work.

DNS.exe coming from foreign IP addresses

1,261 Views
Last Modified: 2012-02-13
We have a client who has been getting some unauthorized access errors lately. I just looked into the server , it is almost 10pm where I am, and noticed a whole bunch of DNS.EXE services on the server with foreign IP addresses. After a few minutes of watching they suddenly disappeared and everything looks normal.

Needless to say I am wondering if my client is getting attacked but more worried if these users are actually gaining access. I noticed yesterday that the IP 203.120.219.196 had attempted logins on the server, and this traces back to the Asia Pacific Network Information Center. I wish i had time to write the other IP's down that had the DNS.EXE services on the machine running but they disappeared. It doesn't surprise me that some unauthorized accesses are attempted, given how prevalent port scanning attacks and such are, but the DNS.EXE services to the foreign addresses worried me.

I've since shut down RDP services to the server. Should the server have these DNS.EXE services accessing the network? My guess is not. I was looking for a way to help mitigate these threats and I am going to recommend a newer, better firewall for the client. Other then that what else can I do.

Some Background Information:

Windows Server 2008
Runs AD, DHCP, DNS, File Sharing, Firewall is disabled for program accessing purposes.
The current firewall is a Netscreen 5XP (hence my need to recommend a better one)

If i go into the security access logs i often see:
Source Network Address:   ::1
Source Port:                           0
What does that mean?

In addition the Windows Logon process on the server has been failing lately, usually once or twice a day.

Thanks!
Comment
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Leon FesterSenior Solutions Architect

Commented:
If you suspect unauthorized access to your network, and then test your firewall for open ports by running a test against your firewall.

A free scanner is Shields UP.
https://www.grc.com/x/ne.dll?bh0bkyd2

Run the test and see what it finds open...

Author

Commented:
no comment

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.