GSA in AWS - DNS requests to ipcast1.dynupdate.noip.com

aws
solved

#1

Hello all, I have two instances of community edition GSA scanners in an AWS environment and received several alerts that the GSA scanner is trying to resolve DNS for known C&C servers. The alerts all show DNS resolution requests to resolve the domain ipcast1.dynupdate.noip.com.

Has anyone seen it previously? Is it normal behavior by GSA and a false positive or something I need to investigate?

Thank you.


#2

We do not query these servers, so please go to the config menu and correct the DNS servers. Please note that if you scan a host, GVM tries to resolve the hostname, so it will be useful to fix your DNS installation before scanning inside AWS. Please note scanning out of AWS is not allowed by AWS T&C and might get you into trouble.


#3

Thank you, Lucas. I think it was a DNS resolution attempt from the computer’s VPN client a VPN to AWS, DNS server that triggered it.

Thanks for the information though!

