Active Outbound Connection to Host Listed in Known Bot Database

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

According to a third-party database, the remote host is making an
outbound connection to a host that is listed as part of a botnet.

Description :

According to the output from netstat, the remote host has an outbound
connection to one or more hosts that are listed in a public database as
part of a botnet. This suggests the host may have been compromised.

See also :

https://support.tenable.com/support-center/index.php?x=&mod_id=2&id=518

Solution :

Investigate the connection(s) and reinstall the remote system from
scratch if appropriate.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: General

Nessus Plugin ID: 58430 ()

Bugtraq ID:

CVE ID: