• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

This forum thread needs a solution.

Attack from known DNS server???? n360 Vers update

Should I be concerned, or is this a false positive. And if a false postive, what did it block from a standard DNS server?
Also if it is something that is required from the DNS server, how do I unblock it safely?

Interesting 8:02 PM 7/13/2015 this IP is one of the CenturyLink DNS Servers A.K.A qwest.net
Port 53 is Domain Name Sever so what the????

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description
7/13/2015 6:20:30 PM,High,An intrusion attempt by was blocked.,Blocked,No Action Required,System Infected: Ransomware Activity 2,No Action Required,No Action Required,", 53","XXXS-PC (, 50803)",,"UDP, Port 53"
Network traffic from <b></b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>. 
Default Server:  resolver.qwest.net

> resolver.qwest.net
Server:  resolver.qwest.net

Non-authoritative answer:
Name:    resolver.qwest.net
Addresses:  2001:428::1

> set type=CNAME
> resolver.qwest.net
Server:  resolver.qwest.net

        primary name server = authns1.qwest.net
        responsible mail addr = dns-admin.qwestip.net
        serial  = 2150708000
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 300 (5 mins)



Labels: Firewall