DNS Server Listed in Known Bot Database

High Nessus Plugin ID 58429


According to a third-party database, the remote host is using a DNS server that is listed as part of a botnet.


The remote host is using one or more DNS servers that are listed in a public database as part of a botnet. This could cause requests for legitimate websites and hostnames to be routed to attacker-controlled machines. This also suggests that this host may have been compromised.


Investigate the DNS server settings and reinstall the remote system from scratch if appropriate.

See Also


Plugin Details

Severity: High

ID: 58429

File Name: ipthreat_lookup_dns.nbin

Version: $Revision: 1.30 $

Type: reputation

Agent: windows, macosx, unix

Family: General

Published: 2012/03/22

Modified: 2018/01/29

Dependencies: 58180, 58181

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available