Not what you are looking for? Ask the experts!
Attack from known DNS server???? n360 Vers 188.8.131.52 update
Should I be concerned, or is this a false positive. And if a false postive, what did it block from a standard DNS server?
Also if it is something that is required from the DNS server, how do I unblock it safely?
Interesting 8:02 PM 7/13/2015 this IP is one of the CenturyLink DNS Servers A.K.A qwest.net
Port 53 is Domain Name Sever so what the????
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description
7/13/2015 6:20:30 PM,High,An intrusion attempt by 184.108.40.206 was blocked.,Blocked,No Action Required,System Infected: Ransomware Activity 2,No Action Required,No Action Required,"220.127.116.11, 53","XXXS-PC (192.168.1.153, 50803)",18.104.22.168,"UDP, Port 53"
Network traffic from <b>22.214.171.124</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
Default Server: resolver.qwest.net
> set type=CNAME
primary name server = authns1.qwest.net
responsible mail addr = dns-admin.qwestip.net
serial = 2150708000
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 300 (5 mins)