[ASK] Block Malware Generate Random Subdomain, Domain and TLD
dot at dotat.at
Wed Jan 17 14:57:01 UTC 2018
Syaifudin <syaifudin at jsn.net.id> wrote:
> is there regex for bind config or something else to anticipation or block
> malware where generate random subdomain ( 2 or 3 character )+ random domain
> ( 7 character ) + random tld.
This is a job for RPZ.
I'm currently at UKNOF39 where we have just had a couple of talks about
RPZ. One of the speakers talked about algorithmically generated malware
domains: if you know the algorithm, you can pre-generate the malicious
domains and add them to your RPZ in advance.
If they are truly random attack domains then you'll need some other
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Humber, Thames: West 6 to gale 8, occasionally severe gale 9 at first,
increasing severe gale 9 to violent storm 11 later. Rough or very rough. Rain
later. Moderate or good.
More information about the bind-users