DavidP, posted March 10, 2014 (edited March 10, 2014 by DavidP)

Hello. I have some strange DNS queries going on. OpenDNS is saying something is requesting domains like this:

    h32cuaacaakjxrtpaeaaaagsaqaaakg6ek7tlo3gkfsk5ligafx5sca2aaaabua.ofliacaabaaaqboo54apdohqrwncgvevsqmu2cuwcydptw.a.j.e5.sk

or

    aioxcbqaaaf2zficaaaaaaa.ulwm23ajmn4ypdq2.a.l.e5.sk

A "dig" on e5.sk shows:

    dig +trace e5.sk

    ; <<>> DiG 9.9.2-P2 <<>> +trace e5.sk
    ;; global options: +cmd
    . 518282 IN NS g.root-servers.net.
    . 518282 IN NS d.root-servers.net.
    . 518282 IN NS j.root-servers.net.
    . 518282 IN NS a.root-servers.net.
    . 518282 IN NS k.root-servers.net.
    . 518282 IN NS m.root-servers.net.
    . 518282 IN NS c.root-servers.net.
    . 518282 IN NS e.root-servers.net.
    . 518282 IN NS b.root-servers.net.
    . 518282 IN NS h.root-servers.net.
    . 518282 IN NS i.root-servers.net.
    . 518282 IN NS l.root-servers.net.
    . 518282 IN NS f.root-servers.net.
    ;; Received 239 bytes from 192.168.1.1#53(192.168.1.1) in 40 ms

    sk. 172800 IN NS a.tld.sk.
    sk. 172800 IN NS c.tld.sk.
    sk. 172800 IN NS ns.eunet.sk.
    sk. 172800 IN NS ns.sk-nic.sk.
    sk. 172800 IN NS ns1.sk-nic.sk.
    sk. 172800 IN NS ns3.sk-nic.sk.
    sk. 172800 IN NS sns-pb.isc.org.
    sk. 86400 IN NSEC sl. NS RRSIG NSEC
    sk. 86400 IN RRSIG NSEC 8 1 86400 20140317000000 20140309230000 33655 . CrEdW8psKI1+7QCNxofwNftW7+v7Z0RcEn9ob0l65Nrex04B1XNpWkOT VijVjnKY4QX4HtfjhVe4FzeM4e78ycyXdUWvuEMRXHsDPFPJ/qGORr/w 5YselmVHpr4fAqD3T5Buf67IKUFaQCPsgbR+G2sx0qshrYD3aoQEzOaX 55g=
    ;; Received 560 bytes from 193.0.14.129#53(193.0.14.129) in 1038 ms

    e5.sk. 86400 IN NS h5-f5lb01-lsnr02-s.eset.com.
    e5.sk. 86400 IN NS h3-f5lb01-lsnr01-s.eset.com.
    e5.sk. 86400 IN NS 89.202.157.228.rev.eset.com.
    ;; Received 141 bytes from 217.75.72.157#53(217.75.72.157) in 938 ms

    e5.sk. 900 IN SOA 89.202.157.228.rev.eset.com.e5.sk. hostmaster.89.202.157.228.rev.eset.com.e5.sk. 2011111173 10800 3600 604800 900
    ;; Received 109 bytes from 89.202.157.228#53(89.202.157.228) in 444 ms

I am asking about this here only because e5.sk seems to be ESET... Is this my antivirus doing something it should not be? Any thoughts on this?

Marcos (Administrators), posted March 11, 2014

Maybe you enabled Parental control?

DavidP (Author), posted March 11, 2014

I don't understand why parental controls would have anything to do with these domain requests. Also, if it's not on by default, it's not on, because I never turned on parental controls.

Arakasi, posted March 11, 2014

With parental control, you can control the network traffic of your kids and filter out certain sites. What better way to block sites than by DNS servers or requests not turning over the address of the site? I imagine this is what Marcos was referring to when he mentioned Parental controls.

Marcos (Administrators), posted March 11, 2014

Parental control sends DNS requests to ESET's server e5.sk to evaluate websites before access is granted.

DavidP (Author), posted March 12, 2014

Are these normal DNS requests though? They look very suspect.

Marcos (Administrators), posted March 14, 2014

Yes, they are normal Parental control DNS queries against ESET's servers.

equitylaw, posted March 31, 2014

Hi there,

I'm using only an endpoint and Business edition of the software. What component is responsible for this kind of DNS query inside of Business edition?

Thank you.

Arakasi, posted March 31, 2014

Parental control is not a module packaged with Endpoint as far as I know.

Marcos (Administrators), posted March 31, 2014

Endpoint Security has Web control which is an equivalent to Parental control.

esetlover, posted December 6, 2016

Hi. I have the same thing on my DNS log. I don't have Parental Control enabled! What can it be?

    D0-E7-82.a.o.e5.sk
    00-23-76.a.o.e5.sk
    bbdm7zaxdozexncjqe5tvaxxqqbqeaqbaeaq.a.e.e5.sk
    74-D4-35.a.o.e5.sk

TomasP (ESET Moderators), posted December 13, 2016

Hello,

The e5.sk domain is used by our product to perform URL checks. To speed the process up and make it more lightweight, it runs on the DNS protocol. Thus, the entries are OK, they are not traces of malware.

T.

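Added example (not part of any post in this thread, and not ESET code): a small triage pass over DNS log names that separates "machine-encoded labels under a zone already attributed to a vendor" from "machine-encoded labels under an unattributed zone". The label patterns, the `KNOWN_ZONES` table and the two constructed names are assumptions for illustration; the e5.sk names are the ones quoted in the posts above.

```python
import re

# Query names quoted in this thread, plus two constructed ones for contrast.
OBSERVED = [
    "h32cuaacaakjxrtpaeaaaagsaqaaakg6ek7tlo3gkfsk5ligafx5sca2aaaabua."
    "ofliacaabaaaqboo54apdohqrwncgvevsqmu2cuwcydptw.a.j.e5.sk",
    "aioxcbqaaaf2zficaaaaaaa.ulwm23ajmn4ypdq2.a.l.e5.sk",
    "D0-E7-82.a.o.e5.sk",
    "bbdm7zaxdozexncjqe5tvaxxqqbqeaqbaeaq.a.e.e5.sk",
    "www.example.com",               # constructed: ordinary lookup
    "mzxw6ytboi2dgnbv.example.net",  # constructed: encoded label, unknown zone
]

# Assumption: zones the analyst has already attributed, with the evidence noted.
KNOWN_ZONES = {"e5.sk": "NS records under eset.com; vendor replies in this thread"}

# Label shapes seen in the thread: long base32-alphabet runs and three
# dash-separated hex octets. These describe shape only, not meaning.
BASE32_LABEL = re.compile(r"^[a-z2-7]{16,}$")
HEX_TRIPLET = re.compile(r"^[0-9a-f]{2}(-[0-9a-f]{2}){2}$")

def label_shape(label):
    label = label.lower()
    if HEX_TRIPLET.match(label):
        return "hex-triplet"
    if BASE32_LABEL.match(label):
        return "base32-like"
    return "plain"

def triage(name):
    labels = name.rstrip(".").split(".")
    # Simplification: treat the last two labels as the zone (no public suffix list).
    zone = ".".join(labels[-2:]).lower()
    shapes = [label_shape(l) for l in labels[:-2]]
    if all(s == "plain" for s in shapes):
        verdict = "ordinary"
    elif zone in KNOWN_ZONES:
        verdict = "encoded, known zone"
    else:
        verdict = "encoded, unattributed zone: investigate"
    return {"zone": zone, "shapes": shapes, "verdict": verdict}

if __name__ == "__main__":
    for n in OBSERVED:
        r = triage(n)
        print(f"{r['verdict']:<42} {r['zone']:<12} {r['shapes']}")
```

An entry in `KNOWN_ZONES` should rest on delegation evidence such as the `dig +trace` NS records in the first post, and is worth re-checking if the delegation changes.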