A newbie open recursive DNS resolver PROBLEM.

[Raycaster]

Not a total moron but can't track down this problem. Just received email from my ISP stating:

The ISP's network security dept has received reports that your system is running an open recursive DNS resolver.

I have a busy home network (like most here) and can't find the culprit.

3 LAN computers + WHS Unit, 1 GIG Switch, Xbox360, Wii
6 Wireless devices : 2 Apple Touch, 2 Laptop, 2 Android Phones

Anyways, all machines running Microsoft Essentials with firewalls (updated etc.) Doing a full check as I type but they look clean so far.

The Wireless is just WEP waiting for a replacement soon.

Any help I finding this would be appreciated! Thanks guys!

 

[C7J0yc3]

NMap your network to see if something snuck by MSE and your firewalls ans is an open DNS server. Also take a look at this page to find out more info and some tools for scanning.

http://dns.measurement-factory.com/surveys/openresolvers.html

 

[Jay_2]

what router / firewall are you using?

 

[Raycaster]

Had a no-name 4 port wirelessG router "blanc", came free with a color printer years ago. My dlink died and the blanc replaced it for over a year no problems.

Just installing a Asus RT-N56U router now.

My fault been pretty lazy and just ran WEP shared.

I'll do the MAC address etc and put some effort into this time. My bad...

Thank you for the links and suggestions without flames... I'm on it.

 

[Spooony]

NMap your network to see if something snuck by MSE and your firewalls ans is an open DNS server. Also take a look at this page to find out more info and some tools for scanning.

http://dns.measurement-factory.com/surveys/openresolvers.html

how can he nmap when windows don't do raw sockets anymore since XP SP2?

 

[heliotrope]

Windows may not support raw sockets anymore, but nmap still work on Windows. He can just do a port scan of his network on port 53 and see who's listening on that port. It will work fine from Windows. Here's the command:

nmap 192.168.1.1-255 -p 53

Insert your own IP range(s) to match whatever your internal addresses are.

 

[Chilly]

how can he nmap when windows don't do raw sockets anymore since XP SP2?

http://www.winpcap.org/ - Included automatically with latest Wireshark and nmap installs

 

[C7J0yc3]

A backtrack 5 live CD would work too if you don't want to go have to track down all the various tools for network scanning.

 

[Raycaster]

Thank you guys for all the info.

I've checked and cleaned every unit and installed the new router. Still can't figure out the printer install on the unit but that's for another day.

As for the nmap information I will be looking into. Its a little out of my knowledge range but looks like it should be done. Since the ISP hasn't sent anymore notices I believe it's been halted for now.