Active Outbound Connection to Host Listed in Known Bot Database

Critical Nessus Plugin ID 58430


The remote host is making an outbound connection to a host that is listed as part of a botnet, according to a third-party public database.


Nessus has determined via netstat, that the remote host has an outbound connection to one or more hosts that are listed in a public database as part of a botnet. This suggests the host may have been compromised.


Investigate the connection(s) and reinstall the remote system from scratch if appropriate.

Plugin Details

Severity: Critical

ID: 58430

File Name: ipthreat_lookup_netstat.nbin

Version: $Revision: 1.31 $

Type: reputation

Agent: windows, macosx, unix

Family: General

Published: 2012/03/22

Modified: 2018/01/29

Dependencies: 64582

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available