So I support a small network of users with basic things like getting connected to our network, etc. Unfortunately, I don't support a lot of the higher end stuff like switch management and network security; mainly working with the users. I do get these emails from upper authority about users who are being flagged for open dns recursion.
I have been able to test this on my end by running the NMAP tool. It some cases though, I cannot prevent this from happening. A lot of the users have routers and usually it just needs to be updated to the latest firmware and then the user is good to go. I have other cases where the user only plugs in a laptop and all of their IP/DNS settings are set to DHCP. I have had them runs scans with MBAM and such (not sure if a virus could cause this) and still haven't been able to prevent this from happening. They also aren't running any servers or anything on their computer.
I was wondering if anyone could provide some assistance on this. I'm not sure what else could cause open dns recursion, but I'm definitely missing something as I can't solve the problem.
I'm not sure if knowing what service it is helps at all (bind, isc bind, dnsmasq). Also, for some of the users the NMAP tool says that 1 service was unrecognized and it lists a weird fingerprint and says if I know the service to submit it to some website.
Thanks.
I have been able to test this on my end by running the NMAP tool. It some cases though, I cannot prevent this from happening. A lot of the users have routers and usually it just needs to be updated to the latest firmware and then the user is good to go. I have other cases where the user only plugs in a laptop and all of their IP/DNS settings are set to DHCP. I have had them runs scans with MBAM and such (not sure if a virus could cause this) and still haven't been able to prevent this from happening. They also aren't running any servers or anything on their computer.
I was wondering if anyone could provide some assistance on this. I'm not sure what else could cause open dns recursion, but I'm definitely missing something as I can't solve the problem.
I'm not sure if knowing what service it is helps at all (bind, isc bind, dnsmasq). Also, for some of the users the NMAP tool says that 1 service was unrecognized and it lists a weird fingerprint and says if I know the service to submit it to some website.
Thanks.