Search the Community
Showing results for tags 'dns attack'.
Found 2 results
Have an odd situation. My MalwareBytes Premium is repeatedly showing blocks for an inbound IP address (we'll call it 22.214.171.124 for example) on port 53. I am running this on a personal 2008 server that does have MS DNS running and the server is behind a Cisco router that has an explicit ACL deny for 126.96.36.199/24. I've scanned the inbound connections on both the router and the server and do NOT see that IP address connected nor does the access-list show any matches for that IP being denied. Still, MalwareBytes is repeatedly blocking that IP about 50 times every 15 minutes. Any ideas where I should be digging deeper?
I clicked on what I thought was an ordinary cooking/recipe site, but it was some kind of malware site. (this is before I installed Malwarebytes, just running Windows Defender) The browser was bombarded by a request to go to the web site "fifhnetworkservercrush78jk.tk. The url had an extension of /Chrome/012345678910111213 . I shut my wireless connection and ran both Windows defender and Malwarebytes, but nothing was detected. When I was offline, I deleted all of the browser history including this url. However, when I open Chrome, it is not responsive, and when I check browser history, I find additional attempts to visit that site. What should I do? view-source_chrome___history for malware.pdf