

This protocol has a wide variety of applications that have to be passed through the interface, which can be interfered with. A DNS server or name server manages a massive database that maps domain names to IP addresses. A DNS service is used to map the domain names of sites to their IP addresses.

What is DNS?

DNS is a protocol within the set of standards for how computers exchange data on the internet and many private networks, known as the TCP/IP protocol suite. Sinkholes are most often used to seize control of botnets by interrupting the DNS names of the botnet that are used by the malware. A sinkhole is a way of redirecting malicious internet traffic so that it can be captured and analyzed by security analysts. These malicious URLs can be gathered from already known C&C servers, through the malware analysis process, or from open-source sites that provide malicious IP details.

DNS sinkholing is used to provide wrong DNS resolution and alter the path of the users to different resources instead of the malicious or non-accessible content. The sinkhole can be used to change the flow to malicious URLs by entering a fake entry in the DNS.

This web page can be created with information detailing the corporate policy restriction and can be hosted on a local server.

A DNS sinkhole can be used to control the C&C traffic and other malicious traffic across the enterprise level. When a user tries to access a sinkholed URL, a customized web page can be shown. This can be used to restrict access to specific sites that violate corporate policies, including social networking, abusive content and more. Normally, firewalls and proxies are used to block malicious traffic across the organization.

By using the DNS sinkhole technique, it is also possible to deny access to any website.

The malicious URLs can be blocked by adding a false entry in the DNS, which provides a second level of protection. DNS sinkholing can be used to prevent access to malicious URLs at an enterprise level. This can be achieved by configuring the DNS forwarder to return a false IP address for a specific URL.
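The decision a sinkholing forwarder makes, sketched as an added example that is not part of the original article: names on a blocklist (and their subdomains) get a false IP, and the asking client is counted so analysts can follow up. The sinkhole address, feed entries, upstream record and client addresses are constructed assumptions.

```python
from collections import Counter

SINKHOLE_IP = "192.0.2.53"  # assumed: internal host that serves the policy page

# Constructed sample feed and upstream records (reserved example names/addresses).
FEED = ["# constructed feed", "C2.Botnet.Example.", "phish.test  # campaign",
        "http://not-a-hostname.example/path", ""]
UPSTREAM = {"intranet.corp.example": "198.51.100.10"}

def normalize(name):
    """Lowercase and drop the trailing root dot so 'A.Example.' equals 'a.example'."""
    return name.strip().lower().rstrip(".")

def load_blocklist(lines):
    """Keep only bare hostnames; skip blanks, comments and URL-style entries."""
    blocked = set()
    for line in lines:
        entry = normalize(line.split("#", 1)[0])
        if entry and "." in entry and "/" not in entry and " " not in entry:
            blocked.add(entry)
    return blocked

def is_sinkholed(qname, blocked):
    """Match qname or any parent domain, aligned on label boundaries."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def answer(client_ip, qname, blocked, hits):
    """Return the false IP for blocked names and count the asking client."""
    if is_sinkholed(qname, blocked):
        hits[client_ip] += 1
        return SINKHOLE_IP
    return UPSTREAM.get(normalize(qname))  # None stands in for NXDOMAIN

def run_demo():
    blocked, hits = load_blocklist(FEED), Counter()
    queries = [("10.1.1.7", "update.c2.botnet.example"),  # subdomain of a blocked name
               ("10.1.1.7", "C2.BOTNET.EXAMPLE."),         # case and root dot
               ("10.1.1.9", "xc2.botnet.example"),         # not a label-aligned match
               ("10.1.1.9", "intranet.corp.example")]
    return [answer(c, q, blocked, hits) for c, q in queries], hits

if __name__ == "__main__":
    answers, hits = run_demo()
    print(answers, hits.most_common())
```

Clients that appear in the hit counter are the ones worth investigating, since a healthy host has no reason to look up a sinkholed C&C name.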

Excerpt: Utilizing DNS sinkholes to prevent malware

A DNS sinkhole, or black hole DNS, is used to spoof DNS servers to prevent resolving hostnames of specified URLs.
