Hello all,
I'm a noob to this forum so please bear with me. Yesterday I received an email from Charter Security stating the following:

"Dear Spectrum Internet Customer,

Charter Communications has been notified of a potential security related issue with your internet service.

Issue Description – A device on your network is capable of a network-impacting, distributed denial-of-service (DDoS) attack because it is acting as a DNS Open Resolver. This can allow hackers the ability to launch large attacks against others using your equipment.

We are asking that you take immediate action to remediate this issue.

Remediation Recommendations:

•Verify your router has the most current firmware.
•Consider disabling your DNS Proxy or Recursive Resolver in your router configuration settings.

Note: You may need to visit the webpage of your router’s manufacturer to obtain the latest firmware update or for information on how to make changes to your router.

Please be advised that Charter’s Acceptable Use Policies explicitly prohibit actions, whether intentional or unintentional, that disrupt Charter’s network. These policies are available on https://www.charter.com/browse/content/services for your convenience.

Repeated events and/or complaints pertaining to this network abuse issue may result in an interruption of your service.

If you have any questions, please contact the Subscriber Services Security Team at 1-866-229-7289. Our Subscriber Services Security Team is available to provide assistance from 8am – 8pm CST, Monday through Friday and from 8am – 5pm CST, Saturday and Sunday.

Charter Communications

--- The following material was provided to us as evidence ---

[Part 0 (plain text)]

Issue Description: Open DNS Resolver Vulnerability Vulnerable Port: 53 Vulnerable IP Address:
Timestamp: 8/31/2015 3:11:15 GMT"

The time stamp corresponds with around the time I installed Windows Server 2012 Essentials for testing and learning purposes. So I did a port scan and firewall check and in fact port 53 is open for the DNS. I also have the computer listed in my router's configuration under the DMZ. So I guess I'm asking, what do I do? If I shut down the DNS on the server, won't that mess up dns lookups on my network? ..and if I turn off the DMZ, that won't allow me to reach the computer via outside my internal network. Also, if the computer has been on this long since the timestamp, why now are they contacting me about something over a month ago?

thank you in advance for any help or guidance

ps. I called their number listed and it was like talking to a brick wall. One person didn't even understand what I was talking about and another couldn't even look up the reference number. I really don't want to lose my service. As of right now I've shutdown the server and removed the entry in the router but would like alternative suggestions.