DNS.exe communication on IRC ports

We had a whole load of alerts on our McAfee system saying it blocked DNS.exe for communicating on IRC ports (6666-6669, I think).

I spoke to McAfee, who said ignore it. But I would like to know WHY this is happening (across multiple domains and DNS servers).


Is there a legitimate reason why?

Everything "seems" to be normal in terms of function.
Bruno PACI, IT Consultant, commented:

The problem with all that sort of firewall software is that it knows nothing about RPC dialogs.

RPC dialog uses dynamically negotiated TCP ports.
If for any reason the DNS service on your Windows server has to dialog through an RPC session with another server, it may use any port above TCP 1024...

To be more precise and answer your question efficiently, we need more details about this "suspicious" alert.
But this will require very "heavy" actions: network traffic captures, network map, ...

If the DNS service is installed on Windows 2008 or Windows 2008 R2, I would personally rely on the integrated Firewall service, which is efficient and smart. The integrated firewall on Windows takes care of installed roles to update its rules and is able to understand RPC negotiations, and so is able to accept dynamic ports when they are needed.

If you're on Windows 2008 (R2 or not) my advice is to disable any firewall feature on McAfee and let the integrated firewall do its job.

This is my opinion, other experts may have another one.

Have a good day.
Question has a verified solution.
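Added example, not part of the original question or answer: one way to gather the "more details" the answer asks for is to check, from `netstat -ano` output saved on the DNS server, whether DNS.exe holds an IRC-range port as its own local (dynamic) port or is connected to a remote host on such a port. The sample output, PID 1532 standing in for DNS.exe, and the function names are constructed for illustration.

```python
IRC_PORTS = range(6666, 6670)  # ports named in the alert (6666-6669)

# Constructed sample of `netstat -ano` output; PID 1532 stands in for dns.exe.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1532
  TCP    10.0.0.5:6667          10.0.0.9:49155         ESTABLISHED     1532
  TCP    10.0.0.5:49201         203.0.113.7:6667       ESTABLISHED     1532
  UDP    0.0.0.0:6668           *:*                                    1532
  UDP    0.0.0.0:6669           *:*                                    884
"""

def port_of(endpoint):
    """Return the port of an 'addr:port' endpoint, or None for '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def triage(netstat_text, pid):
    """Classify the sockets owned by `pid` that touch an IRC-range port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a TCP/UDP socket row.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        # The PID is always the last column (UDP rows have no State column).
        if fields[-1] != str(pid):
            continue
        proto, local, remote = fields[0], fields[1], fields[2]
        if port_of(remote) in IRC_PORTS:
            # The process talks to a remote service on an IRC port:
            # the case to follow up with a traffic capture.
            findings.append((proto, local, remote, "remote-irc-port"))
        elif port_of(local) in IRC_PORTS:
            # The IRC-range number is only the port this process bound locally,
            # which matches the dynamic-port behaviour described in the answer.
            findings.append((proto, local, remote, "local-dynamic-port"))
    return findings

if __name__ == "__main__":
    for proto, local, remote, verdict in triage(SAMPLE, 1532):
        print(f"{verdict:20} {proto} {local} -> {remote}")
```

To use it on real data, replace `SAMPLE` with the saved output of `netstat -ano` and pass the PID that Task Manager or `tasklist` shows for DNS.exe.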
