• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Attack from known DNS server???? n360 Vers 22.5.0.124 update

Should I be concerned, or is this a false positive. And if a false postive, what did it block from a standard DNS server?
Also if it is something that is required from the DNS server, how do I unblock it safely?

##
Interesting 8:02 PM 7/13/2015 this IP is one of the CenturyLink DNS Servers A.K.A qwest.net
Port 53 is Domain Name Sever so what the????

##
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description
7/13/2015 6:20:30 PM,High,An intrusion attempt by 205.171.2.65 was blocked.,Blocked,No Action Required,System Infected: Ransomware Activity 2,No Action Required,No Action Required,"205.171.2.65, 53","XXXS-PC (192.168.1.153, 50803)",205.171.2.65,"UDP, Port 53"
Network traffic from <b>205.171.2.65</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>. 
##
###
C:\WINDOWS\system32>nslookup
Default Server:  resolver.qwest.net
Address:  205.171.2.65

> resolver.qwest.net
Server:  resolver.qwest.net
Address:  205.171.2.65

Non-authoritative answer:
Name:    resolver.qwest.net
Addresses:  2001:428::1
          2001:428::2
          205.171.3.25
          205.171.2.65
          205.171.3.65
          205.171.2.25

> set type=CNAME
> resolver.qwest.net
Server:  resolver.qwest.net
Address:  205.171.2.65

qwest.net
        primary name server = authns1.qwest.net
        responsible mail addr = dns-admin.qwestip.net
        serial  = 2150708000
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 300 (5 mins)
>
###

http://who.is/nameserver/resolver.qwest.net/

http://whois.domaintools.com/205.171.2.65

Labels: Firewall