Skip to content

Latest commit

 

History

History
69 lines (55 loc) · 2.23 KB

hosts.rst

File metadata and controls

69 lines (55 loc) · 2.23 KB
Raw

Hosts

The Hosts module evaluates the entries in the local hosts file.

References

Samples

Aug 26 11:46:14 server555.local.net/10.7.1.14
THOR: Warning: MODULE: Hosts
MESSAGE: New hosts entry - not found during the last run
ENTRY: master.comp-a.net
IP: 10.7.10.2
SCORE: 75

Jul 29 12:16:18 server99.local.net/10.1.1.55
THOR: Warning: MODULE: Hosts
MESSAGE: Suspicious entry found in Hosts file
ENTRY: ctldl.windowsupdate.com
IP: 127.0.0.1
SCORE: 75

Typical False Positives

  • Entries on development systems to simulate future DNS resolution (e.g. www.company-intranet.net 10.0.2.28)
  • Some Antivirus tools insert entries into the hosts file to immunize the system (e.g. Spybot Search & Destroy)

Attribute Evaluation

.yes {text-align: center;} .no {text-align: center;} .good {background-color:#64c864 !important; text-align: center;} .bad {background-color:#c86464 !important; text-align: center;} .low {background-color:#cccccc !important; text-align: center;} .medium {background-color:#aaaaaa !important; text-align: center;} .high {background-color:#8a8a8a !important; text-align: center;}