Rick_Firewire
Hello Everyone,
Is there anyone who may provide an explanation to my query? I have never seen a Windows Firewall create its own set of Inbound Rules.
I have this showing up out of nowhere, without any idea how it was created:
"DNS Server Forward Rule - TCP 645HD8HD73BD83H-DH73D37-D37DG3"
"DNS Server Forward Rule - UDP 645HD8HD73BD83H-DH73D37-D37DG3"
They come in pairs, one each for the UDP and TCP protocols. At first I suspected a rootkit disguising its sent data as DNS traffic, and I am still unsure what this is. They all seem to be going through the standard port 53; connections are stated to be allowed, and nothing is specified under the Programs tab.
My main question is: is this a concern for malware/rootkit? I have also completely reset the Windows 10 PC via the "Clean all drives.." option, then reinstalled a new version of Windows after that. These DNS rules have reappeared again.
PS: the string of characters after TCP/UDP shown in my example is fabricated; I did not post the real characters in case they represented something private. But they look something like that.
Is there anyone that can help?
Thanks.