The first message means a public IP address (could be from any one of various registries) is trying to send a packet to a private IP address in your organization, in port 25 (SMTP). This does not necessarily indicate a DOS attack, and if the firewall is blocking the packet then it’s OK.
The second message means a public IP address is trying to send a packet to another public IP address, in port 135. Microsoft’s DCOM (Distributed, i.e. networked, COM) Service Control Manager (also known as the RPC Endpoint Mapper) uses this port in a manner similar to SUN’s UNIX use of port 111. The SCM server running on the user’s computer opens port 135 and listens for incoming requests from clients wishing to locate the ports where DCOM services can be found on that machine. Port 135 is certainly not a port that needs to be, or should be, exposed to the Internet. Hacker tools such as “epdump” (Endpoint Dump) are able to immediately identify every DCOM-related server/service running on the user’s hosting computer and match them up with known exploits against those services.
The third message means a private IP address in your organization is trying to send a packet to a public IP address, in port 53 (DNS). This does not necessarily indicate a DOS attack, and can indicate a simple DNS query. I can recommend opening port 53 UDP (for DNS queries) ONLY to the DNS servers you use (internal or external) in your organization.
Hope I helped…