Search the Community
Showing results for tags 'dns attack'.
Have an odd situation. My MalwareBytes Premium is repeatedly showing blocks for an inbound IP address (we'll call it 22.214.171.124 for example) on port 53. I am running this on a personal 2008 server that does have MS DNS running and the server is behind a Cisco router that has an explicit ACL deny for 126.96.36.199/24. I've scanned the inbound connections on both the router and the server and do NOT see that IP address connected nor does the access-list show any matches for that IP being denied. Still, MalwareBytes is repeatedly blocking that IP about 50 times every 15 minutes. Any ideas where I should be digging deeper?
I clicked on what I thought was an ordinary cooking/recipe site, but it was some kind of malware site. (this is before I installed Malwarebytes, just running Windows Defender) The browser was bombarded by a request to go to the web site "fifhnetworkservercrush78jk.tk. The url had an extension of /Chrome/012345678910111213 . I shut my wireless connection and ran both Windows defender and Malwarebytes, but nothing was detected. When I was offline, I deleted all of the browser history including this url. However, when I open Chrome, it is not responsive, and when I check browser history, I find additional attempts to visit that site. What should I do? view-source_chrome___history for malware.pdf