Detections
Analytics
DNS Server Listed in Known Bot Database
high Nessus Plugin ID 58429
Language:
Synopsis
According to a third-party database, the remote host is using a DNS server that is listed as part of a botnet.Description
This plugin has been temporarily disabled.The remote host is using one or more DNS servers that are listed in a public database as part of a botnet. This could cause requests for legitimate websites and hostnames to be routed to attacker-controlled machines. This also suggests that this host may have been compromised.
Solution
Investigate the DNS server settings and reinstall the remote system from scratch if appropriate.See Also
https://support.tenable.com/support-center/index.php?x=&mod_id=2&id=518
Plugin Details
Severity: High
ID: 58429
File Name: ipthreat_lookup_dns.nbin
Version: 1.80
Type: reputation
Agent: windows, macosx, unix
Family: General
Published: 3/22/2012
Updated: 9/25/2023
Supported Sensors: Nessus Agent
Risk Information
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
Exploit Ease: No known exploits are available