
I have read into malware sinkholing as a way to disrupt botnets.

There are also approaches to make this more difficult, for example using a Domain Name Generator algorithm which is what the Conficker worm used, fast-flux, double fast-flux, and P2P connectivity. I guess it would also be possible to use some sort of honeypot detection script.

My plan is to perform some research into novel ways of defeating sinkholes. I was wondering whether there are any resources which list the various different ways of evading sinkholes? I am not looking for a detailed explanation, just a list of approaches.

The sources do not need to be academic, this is just for high level knowledge purposes.

questioner
  • https://www.researchgate.net/publication/220269670_Detecting_Algorithmically_Generated_Malicious_Domain_Names _Yadav et al., 2020_ "can we detect algorithmically generated domain names while monitoring DNS traffic even when a reverse engineered domain generation algorithm may not be available?" ... strategies to identify domains using characteristics such as the frequency of letters and letter-pairs, compared to those in "valid" domain listings – brynk Jun 19 '22 at 22:18
  • @brynk That is a very nice paper. I was wondering whether there was a list of ways for an attacker to defeat/detect sinkholes. Ways to defeat sinkholes include domain generation algorithms, P2P, fast-flux etc. – questioner Jun 20 '22 at 14:36
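The detection side of the comment thread, as an added example that is not part of the question or of the cited paper: a small Python triage script in the spirit of the Yadav et al. approach, scoring DNS labels by letter frequency (Shannon entropy) and letter-pair statistics (how many bigrams never occur in a benign training list, plus a smoothed bigram log-likelihood). The benign training labels, the sample domains and the 0.5 unseen-bigram threshold are all constructed for this example; a real deployment would train on a large allow-list and use a proper public-suffix list to find the registrable label.

```python
"""DGA-likeness triage for DNS labels: letter frequency + letter-pair statistics.

Added example (not from the question or the cited paper). Training data,
sample domains and the 0.5 threshold are constructed assumptions.
"""
import math
from collections import Counter

# Constructed benign second-level labels standing in for a real allow-list.
BENIGN_LABELS = [
    "google", "facebook", "wikipedia", "amazon", "github", "microsoft",
    "netflix", "reddit", "twitter", "youtube", "linkedin", "apple",
    "mozilla", "cloudflare", "instagram", "wordpress", "example", "research",
    "security", "network", "online", "news", "shop", "mail", "support",
    "cloud", "update", "download", "account", "service", "company",
    "university", "library", "office", "travel", "weather", "market",
    "forum", "blog", "media", "video", "music", "photo", "health",
]
# Alphabet for add-one smoothing: a-z, 0-9, '-', and the end marker '$'.
ALPHABET_SIZE = 26 + 10 + 1 + 1
UNSEEN_THRESHOLD = 0.5  # constructed: flag when half the letter pairs are unseen


def bigrams(label):
    """Letter pairs of a label with start (^) and end ($) markers."""
    s = "^" + label.lower() + "$"
    return [s[i:i + 2] for i in range(len(s) - 1)]


def train(labels):
    """Count bigrams and per-first-character totals over benign labels."""
    pair_counts = Counter()
    for lab in labels:
        pair_counts.update(bigrams(lab))
    row_totals = Counter()
    for (a, _), c in ((tuple(p), c) for p, c in pair_counts.items()):
        row_totals[a] += c
    return pair_counts, row_totals


PAIR_COUNTS, ROW_TOTALS = train(BENIGN_LABELS)


def shannon_entropy(label):
    """Entropy in bits of the character distribution (letter frequency)."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def unseen_bigram_ratio(label):
    """Fraction of letter pairs that never occur in the benign training set."""
    bg = bigrams(label)
    return sum(1 for b in bg if PAIR_COUNTS[b] == 0) / len(bg)


def mean_bigram_logprob(label):
    """Mean log2 P(next | current) under an add-one smoothed bigram model."""
    total = 0.0
    bg = bigrams(label)
    for b in bg:
        total += math.log2((PAIR_COUNTS[b] + 1) / (ROW_TOTALS[b[0]] + ALPHABET_SIZE))
    return total / len(bg)


def score_label(label):
    """Feature vector plus a verdict for one DNS label."""
    unseen = unseen_bigram_ratio(label)
    return {
        "label": label,
        "entropy": shannon_entropy(label.lower()),
        "unseen_ratio": unseen,
        "mean_logprob": mean_bigram_logprob(label),
        "suspicious": unseen >= UNSEEN_THRESHOLD,
    }


def registrable_label(fqdn):
    """Second-level label; simplification that ignores public suffixes like co.uk."""
    parts = fqdn.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def triage(domains):
    """Return the domains whose registrable label looks algorithmically generated."""
    return [d for d in domains if score_label(registrable_label(d))["suspicious"]]


# Constructed sample of queried names, two of them random-looking.
SAMPLE_DOMAINS = [
    "www.google.com", "cdn.cloudflare.net", "xkqzvjwp.net",
    "qhzvtkmrbp.org", "mail.example.org",
]

if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(score_label(registrable_label(d)))
    print("flagged:", triage(SAMPLE_DOMAINS))
```

The unseen-bigram ratio is what drives the verdict here because it is robust with a tiny training list; the smoothed log-likelihood is reported so the two random-looking labels can be ranked against benign ones, which is the statistic that scales better once the model is trained on a realistic volume of benign DNS traffic.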

0 Answers