[ASK] Block Malware Generate Random Subdomain, Domain and TLD

Tony Finch dot at dotat.at
Wed Jan 17 14:57:01 UTC 2018


Syaifudin <syaifudin at jsn.net.id> wrote:

> Is there a regex for the BIND config, or something else, to anticipate or
> block malware that generates a random subdomain (2 or 3 characters) + random
> domain (7 characters) + random TLD?

This is a job for RPZ.

I'm currently at UKNOF39 where we have just had a couple of talks about
RPZ. One of the speakers talked about algorithmically generated malware
domains: if you know the algorithm, you can pre-generate the malicious
domains and add them to your RPZ in advance.

If they are truly random attack domains then you'll need some other
strategy.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Humber, Thames: West 6 to gale 8, occasionally severe gale 9 at first,
increasing severe gale 9 to violent storm 11 later. Rough or very rough. Rain
later. Moderate or good.
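
The pre-generation approach mentioned in the reply, as an added example that is not part of the original message: it renders an RPZ zone that returns NXDOMAIN for every name a known generator will produce over the coming days. The generator here is a constructed stand-in (not any real malware family's algorithm), and the zone name `rpz.example.`, the TLD list and the function names are assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in for a reverse-engineered generator; not any real
# malware family's algorithm. It mirrors the shape described in the question:
# 2-3 character subdomain + 7 character domain + varying TLD.
TLDS = ("com", "net", "org", "info")  # assumed candidate TLD list

def _letters(digest: bytes, n: int) -> str:
    """Map the first n digest bytes onto lowercase letters."""
    return "".join(chr(ord("a") + b % 26) for b in digest[:n])

def candidate_names(day: date, per_day: int = 3) -> list[str]:
    """Names the stand-in generator would produce for one day."""
    names = []
    for i in range(per_day):
        d = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        sub = _letters(d[8:], 2 + d[31] % 2)
        dom = _letters(d, 7)
        tld = TLDS[d[30] % len(TLDS)]
        names.append(f"{sub}.{dom}.{tld}")
    return names

def rpz_zone(start: date, days: int, origin: str = "rpz.example.") -> str:
    """Render an RPZ zone that answers NXDOMAIN for every candidate name."""
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 300",
        f"@ SOA localhost. hostmaster.localhost. {start:%Y%m%d}01 3600 600 86400 300",
        "@ NS localhost.",
    ]
    seen = set()
    for offset in range(days):
        for fqdn in candidate_names(start + timedelta(days=offset)):
            # Block the whole registered domain, not just one generated label.
            base = fqdn.split(".", 1)[1]
            if base in seen:
                continue
            seen.add(base)
            # Owner names are relative to $ORIGIN (no trailing dot);
            # "CNAME ." is the RPZ NXDOMAIN action.
            lines.append(f"{base} CNAME .")
            lines.append(f"*.{base} CNAME .")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(rpz_zone(date(2018, 1, 17), days=7))
```

Load the output as a primary zone and reference it from `response-policy { zone "rpz.example"; };` in named.conf.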

