Showing results for 
Search instead for 
Did you mean: 
Level 7

mcafee firewall record continually attempt connect to my udp ports from dns server


my Mcafee firewall shows that many continually attempt connection to my udp ports from some dns server as shown in 'mcafee firewall 4.jpg' is one of the dns servers as shown in 'my dns.jpg'

sometimes these connections don't appear, only attemp connection to my computer from gateway as shown in 'gateway.jpg'

it seems my connection speed to internet is slow when these connection appear.

are these connection from hacker?  why are these attack from dns server? 

I have to use a dns server to connect to internet.

I would appreciate your help very much.

0 Kudos
4 Replies
Level 21

Re: mcafee firewall record continually attempt connect to my udp ports from dns server

Not being able to read that language means I have no idea what is said there.    What McAfee product and version are you using and which section are those pics from?   If it's Incoming Connections then don't worry about it as they are all blocked.


Message was edited by: Ex_Brit on 01/10/13 6:34:50 EDT AM
0 Kudos
Level 7

Re: mcafee firewall record continually attempt connect to my udp ports from dns server


I uploaded again photos from firewall internet/network incoming events log and translated relevant info to English.

as you can see, these are incoming connections to my UDP ports from DNS servers and router gateway.

mcafee security center version: 9.11,

virus scan version: 13.11

personal firewall: 10.11

if these incoming connections are attack, why are they from DNS servers and gateway?  because I need DNS server to connect to internet, so almost evertime when I connect to internet, these connections appear, although sometimes they don't appear.

also, sometimes there are many incoming connections from local LAN computer as shown in 'mcafee firewall 2 english.jpg'

there are also continually incoming  ICMP Ping connections from IP address in China  which I use mcafee firewall to trace to.

I can understand attacks from local LAN computers or from computers from internet, but I don't understand why many attacks(if they are) are from DNS server?  could someone fake their IP address to DNS server?

I'd appreciate your help very much.

0 Kudos
Level 17

Re: mcafee firewall record continually attempt connect to my udp ports from dns server

1. Try changing the DNS server that you use. I see the IP address for Google (, but if you're using Google I don't know why the optusnet addresses are present in your logs. Optus is a legitimate Australian service provider ( so perhaps Google is the primary DNS server and Optus is the backup.

DNS Servers and Home Networking

Computers on your home network locate a DNS server through the Internet connection setup properties. Providers give their customers the public IP address(es) of primary and backup DNS servers. You can find the current IP addresses of your DNS server configuration via several methods:

  • on the configuration screens of a home network router

  • on the TCP/IP connection properties screens in Windows Control Panel (if configured via that method)

  • from ipconfig or similar command line utility

There are other DNS servers you can use : they are listed in "Top Free Internet DNS Servers"


2.   IP addresses and : these are private IP addresses for your router.

If you have unknown traffic coming from these addresses it is possible your router has been hacked. Most people do not change their router's default password, so many routers can be easily hacked. First, here's an easy way to check your router's IP address - the information is at the top right of the screen :

If your router has an IP address of this next page is relevant -

If the router has an IP address of, you can connect to it by opening a Web browser and visiting

This allows you to log into the router's administrator console and access its configuration screens

3.   Taking two examples from your screenshots :

1/  an attempted UDP connection to port 64946 - this port is an Ephemeral (dynamic, or private) port, whose number is above the highest port number that can be registered with IANA.

This range (49152–65535) is used for custom or temporary purposes and for automatic allocation of ephemeral ports

... used ... as the port assignment for the client end of a client–server communication to a well known port on a server.

UDP is often used with time-sensitive applications, such as audio/video streaming, and uTorrent requires Port 64946 to be open on a Linksys router according to this post from their forum.

2/ an attempted TCP connection to port 2869 - this is likely to be used by Internet Connection Sharing, Windows Firewall or Local Network Sharing; in the example the service making the connection attempt was Windows Media Player Network Sharing Service.

4. I could continue, but there is some basic advice I can give :

- Set Google to be your primary DNS server, if you haven't done so already.

- Set your McAfee firewall to Stealth.

- Check that all your ports are closed by using GRC's Shields Up program; in Firewall settings close any that Shields Up finds are open unless you need those ports to be open.

- Keep checking your network and system logs to monitor for any unusual activity.

0 Kudos
Level 21

Re: mcafee firewall record continually attempt connect to my udp ports from dns server

THIS IS VERY IMPORTANT:  You are using an obsolete version of the software.   It is no longer supported and I doubt very much if is protecting you adequately.    I suggest you uninstall immediately and purchase a current version or contact whomever you obtain your software from to get the latest version (SecurityCenter 12.x).

In any case Incoming Connections are merely there for your information and need not concern you as the ones listed are all blocked with your current settings, as I previously stated.   But Hayton is explaining that part better than I can.

Incidentally, what is your operating system and is it totally up to date?


Message was edited by: Ex_Brit on 02/10/13 8:51:43 EDT AM
0 Kudos