Solved

DNS.exe communication on IRC ports

Posted on 2013-06-07
Last Modified: 2013-06-07
We had a whole load of alerts on our McAfee system saying it blocked DNS.exe for communicating on IRC ports (6666-6669 I think).

I spoke to McAfee, who said ignore it. But I would like to know WHY this is happening (across multiple domains and DNS Servers).

http://technet.microsoft.com/en-us/library/dd197515%28v=ws.10%29.aspx

Is there a legitimate reason why?

Everything "seems" to be normal in terms of function.
Question by: bikerhong

Accepted Solution

by:
Bruno PACI earned 500 total points
ID: 39228936
Hi,

The problem of all that sort of firewall software is that they know nothing about RPC dialogs.

RPC dialog uses dynamically negotiated TCP ports.
If for any reason the DNS service on your Windows server has to dialog through an RPC session with another server, it may use any port above TCP 1024...

To be more precise and answer your question efficiently, we need more details about this "suspicious" alert.
But this will require very "heavy" actions: network traffic captures, network map, ...

If the DNS service is installed on Windows 2008 or Windows 2008 R2, I would personally rely on the integrated Firewall service, which is efficient and smart. The integrated firewall on Windows takes care of installed roles to update its rules and is able to understand RPC negotiations, and so is able to accept dynamic ports when they are needed.

If you're on Windows 2008 (R2 or not) my advice is to disable any firewall feature on McAfee and let the integrated firewall do its job.

This is my opinion, other experts may have another one.


Have a good day.
0
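A triage sketch for the alert discussed above, added here as an example and not part of the original answer: it reads saved `netstat -ano` output and shows which of the DNS service's sockets sit on ports above 1024 and which of those fall in the 6666-6669 range from the alert. The sample output is constructed, and PID 1432 standing in for dns.exe is an assumption (the real PID would come from `tasklist`).

```python
IRC_PORTS = range(6666, 6670)  # 6666-6669, the ports named in the alert

# Constructed `netstat -ano` output; PID 1432 is assumed to be dns.exe.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING       1432
  TCP    10.0.0.5:6667          10.0.0.9:49201         ESTABLISHED     1432
  UDP    0.0.0.0:53             *:*                                    1432
  UDP    0.0.0.0:6666           *:*                                    1432
  UDP    [::]:6668              *:*                                    1432
  UDP    0.0.0.0:6669           *:*                                    2044
"""


def _port(endpoint):
    """Port from 'addr:port' or '[v6]:port'; None for '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def endpoints_for_pid(netstat_text, pid):
    """Yield (proto, local_port, remote_port) for sockets owned by pid."""
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have 5 columns, UDP rows 4 (no State); PID is always last.
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[-1] == str(pid):
            yield parts[0], _port(parts[1]), _port(parts[2])


def triage(netstat_text, pid):
    """Group the process's sockets by port class and by alert-range match."""
    out = {"well_known": set(), "dynamic": set(),
           "local_in_alert_range": set(), "remote_in_alert_range": set()}
    for proto, local, remote in endpoints_for_pid(netstat_text, pid):
        if local is None:
            continue
        out["dynamic" if local > 1024 else "well_known"].add((proto, local))
        if local in IRC_PORTS:    # the process's own port is in the range
            out["local_in_alert_range"].add((proto, local))
        if remote in IRC_PORTS:   # the peer's port is in the range
            out["remote_in_alert_range"].add((proto, local, remote))
    return out


if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE_NETSTAT, 1432).items():
        print(bucket, sorted(rows))
```

A hit in `local_in_alert_range` means the service's own port landed in 6666-6669, which fits the dynamic-port explanation above; a hit in `remote_in_alert_range` means the peer's port is in that range and is worth checking against the firewall log separately.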