DNS Server Listed in Known Bot Database

high Nessus Plugin ID 58429


According to a third-party database, the remote host is using a DNS server that is listed as part of a botnet.


This plugin has been temporarily disabled.

The remote host is using one or more DNS servers that are listed in a public database as part of a botnet. This could cause requests for legitimate websites and hostnames to be routed to attacker-controlled machines. This also suggests that this host may have been compromised.


Investigate the DNS server settings and reinstall the remote system from scratch if appropriate.

See Also


Plugin Details

Severity: High

ID: 58429

File Name: ipthreat_lookup_dns.nbin

Version: 1.80

Type: reputation

Agent: windows, macosx, unix

Family: General

Published: 3/22/2012

Updated: 9/25/2023

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available