Solved

DNS.exe communication on IRC ports

Posted on 2013-06-07
Last Modified: 2013-06-07
We had a whole load of alerts on our McAfee system saying it blocked DNS.exe for communicating on IRC ports (6666-6669 I think).

I spoke to McAfee, who said ignore it. But I would like to know WHY this is happening (across multiple domains and DNS Servers).

http://technet.microsoft.com/en-us/library/dd197515%28v=ws.10%29.aspx

Is there a legitimate reason why?

Everything "seems" to be normal in terms of function.
Question by:bikerhong
1 Comment
 

Accepted Solution

by:
Bruno PACI earned 2000 total points
ID: 39228936
Hi,

The problem with all that sort of firewall software is that it knows nothing about RPC dialogs.

RPC dialog uses dynamically negotiated TCP ports.
If for any reason the DNS service on your Windows server has to dialog through an RPC session with another server, it may use any port above TCP 1024...

To be more precise and answer your question efficiently, we need more details about this "suspicious" alert.
But this will require very "heavy" actions: network traffic captures, network map, ...

If the DNS service is installed on Windows 2008 or Windows 2008 R2, I would personally rely on the integrated Firewall service, which is efficient and smart. The integrated firewall on Windows takes care of installed roles to update its rules and is able to understand RPC negotiations, and so is able to accept dynamic ports when they are needed.

If you're on Windows 2008 (R2 or not), my advice is to disable any firewall feature on McAfee and let the integrated firewall do its job.

This is my opinion, other experts may have another one.


Have a good day.
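
As an added example (not part of the answer above, and not McAfee or Microsoft code): a port-only rule fires whenever either end of a connection falls in 6666-6669, so a first triage step before taking captures is to see which side of each DNS.exe connection carries that port. The CSV layout, the verdict names and the 1025 threshold (taken from the answer's "any port above TCP 1024") are assumptions, and the records are constructed.

```python
import csv
import io

IRC_PORTS = range(6666, 6670)  # 6666-6669, the range named in the question
DYNAMIC_MIN = 1025             # assumption, from the answer: "any port above TCP 1024"

# Constructed connection records (hypothetical CSV layout, not a McAfee log format).
SAMPLE = """\
process,proto,local_port,remote_ip,remote_port
dns.exe,UDP,6667,192.0.2.53,53
dns.exe,TCP,6668,192.0.2.10,135
dns.exe,TCP,51234,203.0.113.7,6667
dns.exe,TCP,6666,192.0.2.10,49160
dns.exe,UDP,53,192.0.2.77,6669
dns.exe,UDP,50000,192.0.2.53,53
"""

def classify(local_port, remote_port):
    """Say which side of the connection carries the IRC-range port."""
    local_hit, remote_hit = local_port in IRC_PORTS, remote_port in IRC_PORTS
    if not (local_hit or remote_hit):
        return "no-match"
    if local_hit and remote_port < DYNAMIC_MIN:
        return "ephemeral-source"   # our source port, talking to a well-known service
    if remote_hit and local_port < DYNAMIC_MIN:
        return "ephemeral-client"   # a client's source port, talking to our service
    if remote_hit:
        return "review-outbound"    # local process reached a remote port in the IRC range
    return "needs-capture"          # both ends dynamic (e.g. RPC): ports alone can't tell

def triage(csv_text, process="dns.exe"):
    """Return (local_port, remote_port, verdict) for each record of `process`."""
    out = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["process"].lower() != process:
            continue
        lp, rp = int(row["local_port"]), int(row["remote_port"])
        out.append((lp, rp, classify(lp, rp)))
    return out

if __name__ == "__main__":
    for lp, rp, verdict in triage(SAMPLE):
        print(f"{lp:>5} -> {rp:<5} {verdict}")
```

Only the `review-outbound` and `needs-capture` rows justify the network captures the answer mentions; the ephemeral cases are a port-number coincidence.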
Question has a verified solution.
