DNS Sinkhole Active Detection and Blocking of Known Malicious Domains presented at CounterMeasure 2012

by Guy Bruneau

Tags: Security

Summary: Do you know if your organization is infected with an Advanced Persistent Threat (APT)? Are you constantly dealing with malware that forces a client to download suspicious files you want blocked? It is common for bots to use evasion techniques such as fast flux, constantly changing their IP(s) to avoid being blocked. However, a website or a domain name is often hard-coded in malware to permit the client to download updates or upload the data it collects. This is where a DNS sinkhole can be used to find these hosts and control where they go. This DNS sinkhole overview can be used to expand detection and prevention in your network.