Detections
Analytics
Active Outbound Connection to Host Listed in Known Bot Database
critical Nessus Plugin ID 58430
Language:
Synopsis
The remote host is making an outbound connection to a host that is listed as part of a botnet, according to a third-party public database.Description
This plugin has been temporarily disabled.Nessus has determined via netstat, that the remote host has an outbound connection to one or more hosts that are listed in a public database as part of a botnet. This suggests the host may have been compromised.
Solution
Investigate the connection(s) and reinstall the remote system from scratch if appropriate.Plugin Details
Severity: Critical
ID: 58430
File Name: ipthreat_lookup_netstat.nbin
Version: 1.84
Type: reputation
Agent: windows, macosx, unix
Family: General
Published: 3/22/2012
Updated: 9/25/2023
Supported Sensors: Nessus Agent
Risk Information
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 10
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Information
Exploit Ease: No known exploits are available