DNS Server Listed in Known Bot Database

high Nessus Plugin ID 58429

Synopsis

According to a third-party database, the remote host is using a DNS server that is listed as part of a botnet.

Description

This plugin has been temporarily disabled.

The remote host is using one or more DNS servers that are listed in a public database as part of a botnet. This could cause requests for legitimate websites and hostnames to be routed to attacker-controlled machines. This also suggests that this host may have been compromised.

Solution

Investigate the DNS server settings and reinstall the remote system from scratch if appropriate.

See Also

https://support.tenable.com/support-center/index.php?x=&mod_id=2&id=518

Plugin Details

Severity: High

ID: 58429

File Name: ipthreat_lookup_dns.nbin

Version: 1.80

Type: reputation

Agent: windows, macosx, unix

Family: General

Published: 3/22/2012

Updated: 9/25/2023

Supported Sensors: Nessus Agent

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available