ET DNS Query for .su TLD (Soviet Union) Often Malware Related

Operating System & Version
CentOS7 Linux 3.10.0-1127.el7.x86_64
cPanel & WHM Version
92.05

Jim Evans

Member
Aug 4, 2015
6
0
51
Canada
cPanel Access Level
DataCenter Provider
Started noticing suricata alerts based on this ET. Has anyone else been seeing this?


network.data.decoded.............ns2.magicgenericmart.su.....

UDP traffic

(..5.?._X..............ns2.magicgenericmart.su..............W."[email protected]

Exploring tcpdump to pcap gives an indication that it still hits the cPanel host even though /etc/csf/csf.dyndns has the FQDN.
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,920
372
213
cPanel Access Level
Root Administrator
Hey there! I haven't personally heard of this just yet, but we also don't manage CSF on our side. It's possible another user will write here with their experience, but you may want to post this on the ConfigServer forums as well to see if there are away of known isues with the dyndns tool: ConfigServer Community Forum - Index page