ET DNS Query for .su TLD (Soviet Union) Often Malware Related

Operating System & Version: CentOS7 Linux 3.10.0-1127.el7.x86_64
cPanel & WHM Version: 92.05

Jim Evans (Member, Canada, joined Aug 4, 2015; cPanel Access Level: DataCenter Provider)
Started noticing suricata alerts based on this ET. Has anyone else been seeing this?


network.data.decoded.............ns2.magicgenericmart.su.....

UDP traffic

(..5.?._X..............ns2.magicgenericmart.su..............W."[email protected].....

Exploring tcpdump to pcap gives an indication that it still hits the cPanel host even though /etc/csf/csf.dyndns has the FQDN.
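An added triage helper, not part of the original post and not CSF or Suricata code: it replays the check the ET signature performs (a DNS query whose top-level label is .su) over Suricata's eve.json DNS records and groups the hits by source address, so you can see whether the lookups for names like ns2.magicgenericmart.su come from the cPanel host itself or from hosted accounts and clients. The sample records below are constructed and use the older single-record eve.json DNS layout (event_type "dns", dns.type "query"/"answer", dns.rrname); that layout, the field names and the log path are assumptions about your deployment.

```python
import json
import sys
from collections import Counter, defaultdict

# Constructed sample eve.json lines (not real captured data). The third record
# exercises case and trailing-dot handling; the last one is deliberate noise.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2021-01-10T10:00:01.000000+0000","event_type":"dns","src_ip":"192.0.2.10",'
    '"dest_ip":"192.0.2.53","proto":"UDP","dns":{"type":"query","id":1,"rrname":"ns2.magicgenericmart.su","rrtype":"A"}}',
    '{"timestamp":"2021-01-10T10:00:02.000000+0000","event_type":"dns","src_ip":"192.0.2.10",'
    '"dest_ip":"192.0.2.53","proto":"UDP","dns":{"type":"query","id":2,"rrname":"example.com","rrtype":"A"}}',
    '{"timestamp":"2021-01-10T10:00:03.000000+0000","event_type":"dns","src_ip":"198.51.100.7",'
    '"dest_ip":"192.0.2.53","proto":"UDP","dns":{"type":"query","id":3,"rrname":"Update.Example.SU.","rrtype":"A"}}',
    '{"timestamp":"2021-01-10T10:00:04.000000+0000","event_type":"dns","src_ip":"192.0.2.10",'
    '"dest_ip":"192.0.2.53","proto":"UDP","dns":{"type":"answer","id":1,"rrname":"ns2.magicgenericmart.su","rrtype":"A","rdata":"203.0.113.5"}}',
    '{"timestamp":"2021-01-10T10:00:05.000000+0000","event_type":"dns","src_ip":"192.0.2.10",'
    '"dest_ip":"192.0.2.53","proto":"UDP","dns":{"type":"query","id":4,"rrname":"sushi.example.com","rrtype":"A"}}',
    'this line is not json',
]

# TLDs to flag; the ET signature in the thread title covers .su only.
WATCHED_TLDS = {"su"}


def queried_tld(rrname):
    """Return the top-level label of a queried name, or None for bare labels.

    Trailing root dot and letter case are normalised so 'Update.Example.SU.'
    and 'update.example.su' compare equal; a substring match on '.su' would
    also catch 'sushi.example.com', which is why the last label is compared.
    """
    name = rrname.rstrip(".").lower()
    if not name or "." not in name:
        return None
    return name.rsplit(".", 1)[1]


def find_watched_queries(lines, watched=WATCHED_TLDS):
    """Return (timestamp, src_ip, normalised_name) for DNS queries to watched TLDs."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the whole triage
        if ev.get("event_type") != "dns":
            continue
        dns = ev.get("dns", {})
        if dns.get("type") != "query":
            continue  # answers are separate records; count each lookup once
        rrname = dns.get("rrname", "")
        if queried_tld(rrname) in watched:
            hits.append((ev.get("timestamp"), ev.get("src_ip"), rrname.rstrip(".").lower()))
    return hits


def summarise_by_source(hits):
    """Map src_ip -> {queried name: count}; a local source points at the host itself."""
    by_src = defaultdict(Counter)
    for _, src, name in hits:
        by_src[src][name] += 1
    return {src: dict(counts) for src, counts in by_src.items()}


if __name__ == "__main__":
    # Usage: python su_dns_triage.py /var/log/suricata/eve.json   (path is an assumption)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_EVE_LINES
    for src, names in sorted(summarise_by_source(find_watched_queries(lines)).items()):
        print(src, names)
```

Run it against the live eve.json and compare the source addresses with the server's own interfaces: queries sourced from the host itself are what you would look for when checking whether a locally configured name, such as an entry in /etc/csf/csf.dyndns, is behind the alert.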

cPRex (Jurassic Moderator, Staff member, joined Oct 19, 2014; cPanel Access Level: Root Administrator)
Hey there! I haven't personally heard of this just yet, but we also don't manage CSF on our side. It's possible another user will write here with their experience, but you may want to post this on the ConfigServer forums as well to see if there are any known issues with the dyndns tool: ConfigServer Community Forum - Index page