Should I be concerned, or is this a false positive? And if a false positive, what did it block from a standard DNS server?
Also if it is something that is required from the DNS server, how do I unblock it safely?
##
Interesting: 8:02 PM 7/13/2015, this IP is one of the CenturyLink DNS servers, a.k.a. qwest.net
Port 53 is Domain Name Server, so what the????
##
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description
7/13/2015 6:20:30 PM,High,An intrusion attempt by 205.171.2.65 was blocked.,Blocked,No Action Required,System Infected: Ransomware Activity 2,No Action Required,No Action Required,"205.171.2.65, 53","XXXS-PC (192.168.1.153, 50803)",205.171.2.65,"UDP, Port 53"
Network traffic from <b>205.171.2.65</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
##
###
C:\WINDOWS\system32>nslookup
Default Server: resolver.qwest.net
Address: 205.171.2.65
> resolver.qwest.net
Server: resolver.qwest.net
Address: 205.171.2.65
Non-authoritative answer:
Name: resolver.qwest.net
Addresses: 2001:428::1
2001:428::2
205.171.3.25
205.171.2.65
205.171.3.65
205.171.2.25
> set type=CNAME
> resolver.qwest.net
Server: resolver.qwest.net
Address: 205.171.2.65
qwest.net
primary name server = authns1.qwest.net
responsible mail addr = dns-admin.qwestip.net
serial = 2150708000
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 300 (5 mins)
>
###
http://who.is/nameserver/resolver.qwest.net/
http://whois.domaintools.com/205.171.2.65