Is this malware?



Hello. I have some strange DNS queries going on.

OpenDNS is saying something is requesting domains like this:

 

h32cuaacaakjxrtpaeaaaagsaqaaakg6ek7tlo3gkfsk5ligafx5sca2aaaabua.ofliacaabaaaqboo54apdohqrwncgvevsqmu2cuwcydptw.a.j.e5.sk

or

 

aioxcbqaaaf2zficaaaaaaa.ulwm23ajmn4ypdq2.a.l.e5.sk

 

a "dig" on e5.sk shows:

dig +trace e5.sk                     

; <<>> DiG 9.9.2-P2 <<>> +trace e5.sk
;; global options: +cmd
.                       518282  IN      NS      g.root-servers.net.
.                       518282  IN      NS      d.root-servers.net.
.                       518282  IN      NS      j.root-servers.net.
.                       518282  IN      NS      a.root-servers.net.
.                       518282  IN      NS      k.root-servers.net.
.                       518282  IN      NS      m.root-servers.net.
.                       518282  IN      NS      c.root-servers.net.
.                       518282  IN      NS      e.root-servers.net.
.                       518282  IN      NS      b.root-servers.net.
.                       518282  IN      NS      h.root-servers.net.
.                       518282  IN      NS      i.root-servers.net.
.                       518282  IN      NS      l.root-servers.net.
.                       518282  IN      NS      f.root-servers.net.
;; Received 239 bytes from 192.168.1.1#53(192.168.1.1) in 40 ms

sk.                     172800  IN      NS      a.tld.sk.
sk.                     172800  IN      NS      c.tld.sk.
sk.                     172800  IN      NS      ns.eunet.sk.
sk.                     172800  IN      NS      ns.sk-nic.sk.
sk.                     172800  IN      NS      ns1.sk-nic.sk.
sk.                     172800  IN      NS      ns3.sk-nic.sk.
sk.                     172800  IN      NS      sns-pb.isc.org.
sk.                     86400   IN      NSEC    sl. NS RRSIG NSEC
sk.                     86400   IN      RRSIG   NSEC 8 1 86400 20140317000000 20140309230000 33655 . CrEdW8psKI1+7QCNxofwNftW7+v7Z0RcEn9ob0l65Nrex04B1XNpWkOT VijVjnKY4QX4HtfjhVe4FzeM4e78ycyXdUWvuEMRXHsDPFPJ/qGORr/w 5YselmVHpr4fAqD3T5Buf67IKUFaQCPsgbR+G2sx0qshrYD3aoQEzOaX 55g=
;; Received 560 bytes from 193.0.14.129#53(193.0.14.129) in 1038 ms

e5.sk.                  86400   IN      NS      h5-f5lb01-lsnr02-s.eset.com.
e5.sk.                  86400   IN      NS      h3-f5lb01-lsnr01-s.eset.com.
e5.sk.                  86400   IN      NS      89.202.157.228.rev.eset.com.
;; Received 141 bytes from 217.75.72.157#53(217.75.72.157) in 938 ms

e5.sk.                  900     IN      SOA     89.202.157.228.rev.eset.com.e5.sk. hostmaster.89.202.157.228.rev.eset.com.e5.sk. 2011111173 10800 3600 604800 900
;; Received 109 bytes from 89.202.157.228#53(89.202.157.228) in 444 ms


I am asking about this here only because e5.sk seems to be ESET... is this my antivirus doing something it should not be?

 

Any thoughts on this?

Edited by DavidP

I don't understand why parental controls would have anything to do with these domain requests. Also, if it's not on by default, it's not on because I never turned on parental controls.


With parental control, you can control the network traffic of your kids, and filter out certain sites.

What better way to block sites than by DNS servers or requests not turning over the address of the site?

 

I imagine this is what Marcos was referring to when he mentioned Parental controls.


  • 3 weeks later...
Hi there

 

I'm using only an endpoint and Business edition of the software. What component is responsible for this kind of DNS query inside the Business edition?

 

Thank you.


  • 2 years later...

Hi.

I have the same thing on my DNS log.

I don't have Parental Control enabled!

What can it be?

D0-E7-82.a.o.e5.sk

00-23-76.a.o.e5.sk

bbdm7zaxdozexncjqe5tvaxxqqbqeaqbaeaq.a.e.e5.sk

74-D4-35.a.o.e5.sk


  • ESET Moderators

Hello,

The e5.sk domain is used by our product to perform URL checks. To speed the process up and make it more lightweight, it runs on the DNS protocol.

Thus, the entries are OK, they are not traces of malware.

T.
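
An added example, not part of the thread and not ESET code: a Python triage helper for the question asked here. It groups logged query names by parent zone, flags zones whose names look like they carry data, and separates zones already attributed to a known product from ones that still need investigation. The thresholds, the `VERIFIED_ZONES` allowlist and the `example.com`/`example.net` names are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: zones the analyst has already attributed to a known product, e.g. by
# checking the NS delegation as the `dig +trace e5.sk` output in the thread does.
VERIFIED_ZONES = {"e5.sk"}

def split_name(qname, depth=2):
    """Return (subdomain labels, parent zone). Simplification: the zone is the
    last `depth` labels, which ignores multi-label public suffixes (co.uk)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-depth], ".".join(labels[-depth:])

def triage(qnames, min_unique=3, min_label_len=20):
    """Classify each parent zone seen in a DNS log.

    A zone 'carries data' when it has many distinct subdomains and at least one
    long label. Thresholds are illustrative assumptions; tune them on real logs.
    """
    seen = defaultdict(set)
    for q in qnames:
        sub, zone = split_name(q)
        if sub:  # skip bare zone names, which have no subdomain part
            seen[zone].add(tuple(sub))
    verdicts = {}
    for zone, subs in seen.items():
        longest = max(len(label) for sub in subs for label in sub)
        if len(subs) < min_unique or longest < min_label_len:
            verdicts[zone] = "normal"
        elif zone in VERIFIED_ZONES:
            verdicts[zone] = "attributed"   # data-carrying, but owner is known
        else:
            verdicts[zone] = "investigate"  # data-carrying, owner unknown
    return verdicts

# First four names are quoted from the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "aioxcbqaaaf2zficaaaaaaa.ulwm23ajmn4ypdq2.a.l.e5.sk",
    "bbdm7zaxdozexncjqe5tvaxxqqbqeaqbaeaq.a.e.e5.sk",
    "D0-E7-82.a.o.e5.sk",
    "00-23-76.a.o.e5.sk",
    "www.example.com", "mail.example.com", "www.example.com",
    "k3v9x0q2m7p4z8w1r6t5y2u9.example.net",
    "b8n4c1j6h0d3s7f2g9l5a4e1.example.net",
    "t2y6u0i4o8p1a5s9d3f7g2h6.example.net",
]

if __name__ == "__main__":
    for zone, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{zone:15} {verdict}")
```

The name pattern alone cannot separate a vendor lookup channel from a tunnel; the allowlist entry is what records that someone checked who operates the zone.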


This topic is now closed to further replies.