ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set
ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set
 | IP Address | Port | Hostname |
---|---|---|---|
Source | (local) | 52623 | |
Destination | 5.133.8.122 (Poland) | domain (53) | |
Description:
- These rules are intended to detect non-compliant DNS traffic, and they do.
- However, these rules are also triggered by SecureDNS traffic.
False Positive:
- YES
- This is Avast attempting to determine whether or not DNS hijacking is in place using SecureDNS.
- You can see it here: http://mxtoolbox.com/SuperTool.aspx?action=ptr%3a5.133.8.122&run=toolpage
- https://www.threatcrowd.org/ip.php?ip=5.133.8.122
- dig ptr 122.8.133.5.in-addr.arpa
- ;; ANSWER SECTION:
- 122.8.133.5.in-addr.arpa. 5270 IN PTR waw81-005.ff.avast.com.
Action:
- None
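The triage above can be reproduced offline with the following added example, which is not part of the original note or of the ET ruleset. It assumes the RFC 1035 header layout for the two conditions the rule names refer to, uses constructed payloads rather than captured SecureDNS traffic, and its function names are hypothetical.

```python
import ipaddress
import struct

Z_BIT = 0x0040  # reserved bit in the 16-bit flags word (RFC 1035 Z field)

def dns_header_findings(payload: bytes) -> list[str]:
    """List the header conditions the two rule names refer to."""
    if len(payload) < 12:
        return ["shorter than the 12-byte DNS header"]
    _id, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    findings = []
    opcode = (flags >> 11) & 0xF  # 4-bit opcode follows the QR bit
    if opcode >= 8:
        findings.append(f"opcode {opcode} is in the 8-15 range")
    if flags & Z_BIT:
        findings.append("reserved bit set")
    return findings

def ptr_name(ip: str) -> str:
    """Name to query for a PTR lookup, e.g. with `dig ptr <name>`."""
    return ipaddress.ip_address(ip).reverse_pointer

def ptr_is_under(hostname: str, domain: str) -> bool:
    """True if the PTR hostname is the domain or a subdomain (whole labels)."""
    host = hostname.rstrip(".").lower().split(".")
    dom = domain.rstrip(".").lower().split(".")
    return len(host) >= len(dom) and host[-len(dom):] == dom

# Constructed payloads (assumptions for illustration, not a packet capture).
QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"
COMPLIANT = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
NONCOMPLIANT = struct.pack("!6H", 0xBEEF, (9 << 11) | Z_BIT, 0, 0, 0, 0) + b"\x00" * 8

if __name__ == "__main__":
    for label, pkt in (("compliant", COMPLIANT), ("non-compliant", NONCOMPLIANT)):
        print(label, dns_header_findings(pkt))
    name = ptr_name("5.133.8.122")
    print(name, ptr_is_under("waw81-005.ff.avast.com.", "avast.com"))
```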