Hi, I really need some help.
I decided to analyze my network traffic when I saw that two of my computers make some weird DNS queries to this URL: zwyr157wwiu6eior.com
Here is the output of my Wireshark capture:
Frame 987: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}, id 0
Interface id: 0 (\Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A})
Interface name: \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}
Interface description: Wi-Fi 3
Encapsulation type: Ethernet (1)
Arrival Time: Sep 17, 2020 07:24:35.762840000 Est (heure d’été)
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1600341875.762840000 seconds
[Time delta from previous captured frame: 0.012426000 seconds]
[Time delta from previous displayed frame: 0.012426000 seconds]
[Time since reference or first frame: 107.454245000 seconds]
Frame Number: 987
Frame Length: 112 bytes (896 bits)
Capture Length: 112 bytes (896 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: ASUSTekC_71:0e:f0 (14:dd:a9:71:0e:f0), Dst: Cisco-Li_82:01:51 (48:f8:b3:82:01:51)
Destination: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
Address: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
Address: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.30
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 98
Identification: 0x0000 (0)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0xb71b [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.1.1
Destination: 192.168.1.30
User Datagram Protocol, Src Port: 53, Dst Port: 53104
Source Port: 53
Destination Port: 53104
Length: 78
Checksum: 0x61d7 [unverified]
[Checksum Status: Unverified]
[Stream index: 176]
[Timestamps]
Domain Name System (response)
Transaction ID: 0x0dc9
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 2
Authority RRs: 0
Additional RRs: 0
Queries
Answers
[Request In: 986]
[Time: 0.012426000 seconds]
Is there any way to stop malicious DNS queries?
Thanks for your time and for reading :)
-Steeve Reeves
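Added example, not from the post and not Wireshark's code: a small Python parser for the DNS wire format, run over a constructed response that copies the header fields the capture shows (transaction ID 0x0dc9, flags 0x8180, one question, two answers) and then checked against a domain blocklist, which is the kind of check a resolver log or pcap feed can apply to spot or block such lookups. The answer addresses (192.0.2.x, from the documentation range) and the 300-second TTL are assumptions, since the post does not show the answer section.

```python
import struct

# Constructed sample (not from the capture): header fields copied from the post, placeholder 192.0.2.x A records.
SAMPLE_RESPONSE = (
    b"\x0d\xc9\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"                  # ID 0x0dc9, flags 0x8180, QD=1, AN=2
    b"\x10zwyr157wwiu6eior\x03com\x00\x00\x01\x00\x01"                   # question: zwyr157wwiu6eior.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x0a"  # ptr->12, A IN, TTL 300, 192.0.2.10
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x0b"  # ptr->12, A IN, TTL 300, 192.0.2.11
)

def read_name(data: bytes, offset: int, depth: int = 0) -> tuple[str, int]:
    """Decode a name (RFC 1035 labels and compression pointers); return (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: pointer to an earlier name
            if depth > 8:
                raise ValueError("DNS name pointer loop")
            target = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            labels.append(read_name(data, target, depth + 1)[0])
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:                                # root label terminates the name
            return ".".join(labels), offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(data: bytes) -> dict:               # header, question and answer sections only
    txid, flags, qdcount, ancount = struct.unpack_from("!4H", data, 0)
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = read_name(data, offset)
        questions.append((name,) + struct.unpack_from("!HH", data, offset))   # (name, qtype, qclass)
        offset += 4
    for _ in range(ancount):
        name, offset = read_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
        rdata = data[offset + 10:offset + 10 + rdlen]
        offset += 10 + rdlen
        value = ".".join(map(str, rdata)) if rtype == 1 and rdlen == 4 else rdata.hex()  # A record as dotted quad
        answers.append((name, rtype, ttl, value))
    return {"txid": txid, "flags": flags, "rcode": flags & 0xF, "questions": questions, "answers": answers}

def flagged_names(data: bytes, blocklist: set[str]) -> list[str]:   # names on the list or under a listed domain
    hits = []
    for name, _, _ in parse_response(data)["questions"]:
        labels = name.lower().split(".")
        if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
            hits.append(name)
    return hits
```

The constructed message comes to 70 bytes, which is exactly the DNS payload size the capture's UDP length of 78 implies (78 minus the 8-byte UDP header), so two compressed A records fit the frame shown. On real traffic the bytes would be the UDP payload of each packet, and a hit on `flagged_names` is the point at which a resolver or firewall rule would drop the query and the host would be pulled for cleanup.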