Solved

DNS.exe communication on IRC ports

Posted on 2013-06-07
1
1,823 Views
Last Modified: 2013-06-07
We had a whole load of alerts on our Mcafee system saying it blocked DNS.exe for communicating on IRC ports (6666-6669 I think)

I spoke to MCAfee who said ignore it. But I would like to know WHY this is happening (across multiple domains and DNS Servers).

http://technet.microsoft.com/en-us/library/dd197515%28v=ws.10%29.aspx

Is there a legitimate reason why?

Everything "seems" to be normal in terms of function.
0
Comment
Question by:bikerhong
1 Comment
 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 39228936
Hi,

The problem of all that sort of firewall software is that they know nothing about RPC dialogs.

RPC dialog uses dynamically negociated TCP ports.
If for any reason the DNS service on your Windows server has to dialog through a RPC session with another server it may use any port above TCP 1024...

To be more precise an answer efficiently to your question we need more details about this "suspicious" alert.
But this will require very "heavy" actions: network traffic captures, network map, ...

If the DNS service is installed on Windows 2008 or Windows 2008 R2 I would personnaly rely on the integrated Firewall service that is efficient and smart. The integrated firewall on Windows takes care of installed roles to update its rules and is able to understand RPC negociations and so is able to accept dynamic ports when they are needed.

If you're on Windows 2008 (R2 or not) my advice is to disable any firewall feature on McAfee and let the integrated firewall do its job.

This is my opinion, other experts may have another one.


Have a good day.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question