Hello all, I have two instances of community edition GSA scanners in AWS environment and received several alerts that the GSA scanner is trying to resolve DNS for known C&C servers. The alerts all show DNS resolution requests to resolve domain - ipcast1.dynupdate.noip.com.
Has anyone seen it previously? Is it normal behavior by GSA and a false positive or something I need to investigate?
We do not query this servers, so please go to the config menu and correct the DNS Servers. Please note if you scan a Host, GVM tries to resolve the hostname, so it will be useful to fix your DNS installation before scanning inside AWS. Please note scanning out of AWS is not allowed by AWS T&C and might get you into trouble.