Dynamic DNS – A survey of the abuse mechanisms affecting it and the growing
problem for Network Defenders defending against them.

Abstract

Dynamic DNS, although generally used to provide legitimate services, has, like so many other
technologies in use today, been exploited for a variety of criminal purposes. Dynamic DNS
is being actively and extensively used today for botnet command and control (C&C),
Advanced Persistent Threat (APT) attacks (Operation Aurora, RSA, etc.), drive-by
downloads, exploit pack utilisation and varied phishing activities.

The attribution of such attacks is increasingly difficult for law enforcement (LE) and network
defenders. The initial identification of malicious domain registrants is especially hard when
they use dynamic DNS providers that require little or no identification to set up an account,
together with privacy protection services and aliases, to cover their tracks.

Proactive defence-in-depth techniques should be employed to defend a network, in addition
to more specific measures that try to identify abuse of the dynamic DNS service. Passive
DNS monitoring, malicious resource checking, website takedown and the employment of
content and web filtering technologies are some of the many methods that can be used to
fulfil this function.

The full white paper can be read here
