I have thousands of logs from McAfee Security History reporting suspicious activity being blocked from my own DNS server. The IPs being detected are :feed::1 and :feed::2 (from what I understand these are the IPv6 DNS server variants) and the connections are always from seemingly random UDP ports. Can I get any help understanding what this means and how I can resolve or troubleshoot it? I am worried for my network safety.
Using McAfee LiveSafe Version 16.0
Our article Your McAfee software blocked risky connections will help you to know why risky connections are getting blocked.
Please follow our article How to configure Personal Firewall to allow inbound connections on specific ports to configure the blocked connections.
Appreciate the reply, but I've reviewed the information provided in both links and neither of them help me understand my situation any better. I'm specifically looking for an explanation as to why my own DNS server IP is being blocked. I don't understand all these networking terms and I am concerned I have vulnerabilities within my own network the way these log files read. Furthermore, I do not want to change firewall settings to allow more network traffic when I don't understand why it is being blocked in the first place. Any clarification would be appreciated. Thank you for the timely response.
I also have the same symptoms where my DNS servers (184.108.40.206 or 220.127.116.11) are attempting connections to ephemeral ports using IPv4.
Given I am behind a router which would require ports to be forwarded for new connections, is this the McAfee firewall blocking something that should be allowed (i.e. some established connections)?
I haven't seen any ill effects of these ports being blocked, but it is concerning me how these connection attempts are making it to the PC if it's not an error in the firewall reporting.
Please do remove the temporary internet files, cache and cookies periodically which will help in this regard. You can also set up a schedule in McAfee Quick clean to perform the same once/twice a week.
I've just discovered this issue on my laptop. 74 thousand risky connections so far. While I didn't look at 74,000, the first the pages say "The source IP is your own DNS server" (what's that). If McAfee is working so hard on my own connection surely its slowing down my laptop. What is wrong with my DNS? Like others before me asked, a simple explanation/solution would be great.
I just completed a "quick clean" when offered by McAfee.
Best Regards during this Covid-19 crisis and Keep Safe
Just letting you known I see those messages in my security history as well. Previously there was a 22 page thread re this but it was never resolved. That issue was more that users had connection issues as well as the messages. I have not noticed any issues bar a lot of these messages.
See if a mod comments. I feel it is not anything to be worried about
Thank you Peacekeeper, I appreciate you responding. I presume once McAfee is "looking after it", it cannot be too serious. However, it seems odd that the connection being used to connect to the internet is seen as an issue and it seems McAfee cannot give give a simple explanation.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: