Hello everyone,
this is a follow-up to an older thread: https://forum.avast.com/index.php?topic=184959.0
I use Avast Free Antivirus 21.2.2455 (compilation 212.6096.651) without SecureDNS, WebShield etc. installed, and I can see a lot of traffic coming out of my network to a weird set of DNS servers. Sample traffic:
Source Destination Prot. Length Info
192.168.1.101 37.120.144.66 DNS 81 Standard query 0xd357 TXT 2.sEcuRedns.AvaST.COm
37.120.144.66 192.168.1.101 DNS 218 Standard query response 0xd357 TXT 2.sEcuRedns.AvaST.COm TXT
192.168.1.101 37.120.144.66 DNS 160 Unknown operation (13) response 0x5de9 Unknown error (15)[Malformed Packet]
37.120.144.66 192.168.1.101 DNS 405 Unknown operation (12) 0x7236[Malformed Packet]
192.168.1.101 37.120.144.66 DNS 81 Standard query 0x06ee TXT 2.sECUrEdns.avASt.Com
192.168.1.101 156.146.38.142 DNS 81 Standard query 0x49d1 TXT 2.SEcUREdnS.AvAst.com
192.168.1.101 84.17.55.14 DNS 81 Standard query 0x3989 TXT 2.SeCUReDNS.AVASt.cOM
37.120.144.66 192.168.1.101 DNS 218 Standard query response 0x06ee TXT 2.sECUrEdns.avASt.Com TXT
84.17.55.14 192.168.1.101 DNS 218 Standard query response 0x3989 TXT 2.SeCUReDNS.AVASt.cOM TXT
192.168.1.101 37.120.144.66 DNS 160 Unknown operation (13) response 0x5de9 Unknown error (15)[Malformed Packet]
192.168.1.101 84.17.55.14 DNS 160 Unknown operation (11) response 0x5566 RRset does not exist[Malformed Packet]
37.120.144.66 192.168.1.101 DNS 346 Unknown operation (12) 0x7236[Malformed Packet]
84.17.55.14 192.168.1.101 DNS 218 Unknown operation (12) 0x7236[Malformed Packet]
156.146.38.142 192.168.1.101 DNS 218 Standard query response 0x49d1 TXT 2.SEcUREdnS.AvAst.com TXT
192.168.1.101 156.146.38.142 DNS 160 Unknown operation (9) 0x1caf[Malformed Packet]
156.146.38.142 192.168.1.101 DNS 346 Unknown operation (12) 0x7236[Malformed Packet]
192.168.1.101 37.120.144.66 DNS 81 Standard query 0xcaeb TXT 2.seCurEDNS.avAST.com
37.120.144.66 192.168.1.101 DNS 218 Standard query response 0xcaeb TXT 2.seCurEDNS.avAST.com TXT
192.168.1.101 37.120.144.66 DNS 160 Unknown operation (13) response 0x5de9 Unknown error (15)[Malformed Packet]
37.120.144.66 192.168.1.101 DNS 346 Unknown operation (12) 0x7236[Malformed Packet]
192.168.1.101 37.120.144.66 DNS 81 Standard query 0x4615 TXT 2.SeCUREdNs.aVAsT.com
Contrary to the last post in the old thread, I don’t think that’s “useful” at all, and therefore I would like to:
- know how to permanently disable the DNS flood traffic at the program level, or
- obtain a full list of the IP range blocks that Avast talks to, so that I can block them on my network devices. Whenever I block a single IP address, new ones appear later in the traffic.
Thanks
KR
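Added example, not part of the original post and not Avast code: DNS names compare case-insensitively, so the mixed-case query names in the capture are all the same name. This sketch case-folds the name in a text export like the one posted and lists the remote servers involved. The sample lines are copied from the post; the function and constant names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the capture in the post (text export of the packet list).
SAMPLE = """\
192.168.1.101 37.120.144.66 DNS 81 Standard query 0xd357 TXT 2.sEcuRedns.AvaST.COm
37.120.144.66 192.168.1.101 DNS 218 Standard query response 0xd357 TXT 2.sEcuRedns.AvaST.COm TXT
192.168.1.101 37.120.144.66 DNS 160 Unknown operation (13) response 0x5de9 Unknown error (15)[Malformed Packet]
192.168.1.101 156.146.38.142 DNS 81 Standard query 0x49d1 TXT 2.SEcUREdnS.AvAst.com
192.168.1.101 84.17.55.14 DNS 81 Standard query 0x3989 TXT 2.SeCUReDNS.AVASt.cOM
84.17.55.14 192.168.1.101 DNS 218 Unknown operation (12) 0x7236[Malformed Packet]
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+DNS\s+(\d+)\s+(.*)$")
QUERY = re.compile(r"Standard query (response )?0x[0-9a-f]+ (\S+) (\S+)")

def summarize(text, local_ip):
    """Return {remote_ip: {"names": set, "queries": n, "malformed": n}}."""
    stats = defaultdict(lambda: {"names": set(), "queries": 0, "malformed": 0})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # column header or a non-DNS line
        src, dst, _length, info = m.groups()
        if local_ip not in (src, dst):
            continue
        remote = dst if src == local_ip else src
        entry = stats[remote]
        if "[Malformed Packet]" in info:
            entry["malformed"] += 1  # packets the dissector could not parse as DNS
            continue
        q = QUERY.search(info)
        if q and q.group(1) is None:  # count outgoing queries, not responses
            entry["queries"] += 1
            # Fold case before grouping: 2.sEcuRedns.AvaST.COm == 2.securedns.avast.com
            entry["names"].add(q.group(3).rstrip(".").lower())
    return dict(stats)

def remotes_for(stats, name):
    """Remote IPs that were sent a query for `name`, compared case-insensitively."""
    wanted = name.rstrip(".").lower()
    return sorted(ip for ip, e in stats.items() if wanted in e["names"])

if __name__ == "__main__":
    stats = summarize(SAMPLE, "192.168.1.101")
    for ip in remotes_for(stats, "2.securedns.avast.com"):
        print(ip, stats[ip]["queries"], stats[ip]["malformed"])
```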