Search the Community
Showing results for tags 'dns attack'.
Found 1 result
Have an odd situation. My MalwareBytes Premium is repeatedly showing blocks for an inbound IP address (we'll call it 188.8.131.52 for example) on port 53. I am running this on a personal 2008 server that does have MS DNS running and the server is behind a Cisco router that has an explicit ACL deny for 184.108.40.206/24. I've scanned the inbound connections on both the router and the server and do NOT see that IP address connected nor does the access-list show any matches for that IP being denied. Still, MalwareBytes is repeatedly blocking that IP about 50 times every 15 minutes. Any ideas where I should be digging deeper?