Solved

DNS.exe communication on IRC ports

Posted on 2013-06-07
1
1,802 Views
Last Modified: 2013-06-07
We had a whole load of alerts on our Mcafee system saying it blocked DNS.exe for communicating on IRC ports (6666-6669 I think)

I spoke to MCAfee who said ignore it. But I would like to know WHY this is happening (across multiple domains and DNS Servers).

http://technet.microsoft.com/en-us/library/dd197515%28v=ws.10%29.aspx

Is there a legitimate reason why?

Everything "seems" to be normal in terms of function.
0
Comment
Question by:bikerhong
1 Comment
 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 39228936
Hi,

The problem of all that sort of firewall software is that they know nothing about RPC dialogs.

RPC dialog uses dynamically negociated TCP ports.
If for any reason the DNS service on your Windows server has to dialog through a RPC session with another server it may use any port above TCP 1024...

To be more precise an answer efficiently to your question we need more details about this "suspicious" alert.
But this will require very "heavy" actions: network traffic captures, network map, ...

If the DNS service is installed on Windows 2008 or Windows 2008 R2 I would personnaly rely on the integrated Firewall service that is efficient and smart. The integrated firewall on Windows takes care of installed roles to update its rules and is able to understand RPC negociations and so is able to accept dynamic ports when they are needed.

If you're on Windows 2008 (R2 or not) my advice is to disable any firewall feature on McAfee and let the integrated firewall do its job.

This is my opinion, other experts may have another one.


Have a good day.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now