Anyone else seeing DGA (1) like behavior for Comcast based customers? If so, is there any information on it? Seeing a lot of traffic to bogus domains all synonymous with their networks.

1: https://en.wikipedia.org/wiki/Domain_generation_algorithm

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM, GNFA

"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama

0A96 6318 EA49 4032 21C9 A7A8 81E9 3E95 414F 356E
https://pgp.mit.edu/pks/lookup?op=get&search=0x81E93E95414F356E
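For anyone wanting to triage "DGA-like" traffic from resolver logs, here is a small added example (not from the thread, not any vendor's code) that scores query names with the usual cheap heuristics (digit ratio, long consonant runs, low vowel ratio plus entropy) and then counts NXDOMAIN responses to such names per client. The log format and the sample lines are constructed for the example; the second-level-label extraction is deliberately naive and assumes single-label public suffixes.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample resolver log (not real data): "<client> <qname> <rcode>".
# 10.0.0.7 is the constructed "infected" client; the others are benign lookups.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.7 xk3q9vbt2m7zp.com NXDOMAIN
10.0.0.7 q8wz7lkp4jtc9v.net NXDOMAIN
10.0.0.7 zv61tn0ywq5x8r.org NXDOMAIN
10.0.0.9 cdn.example.net NOERROR
10.0.0.9 exmaple.com NXDOMAIN
10.0.0.7 r4pqy2xk9wv0ns.info NXDOMAIN
10.0.0.7 pt7vkz2mxq9w3b.com NXDOMAIN
10.0.0.7 hqzxmtvbwkrlsp.com NXDOMAIN
10.0.0.11 login.microsoftonline.com NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")
VOWELS = set("aeiou")


def registrable_label(qname):
    """Return the second-level label, e.g. 'example' for 'www.example.com'.
    Assumption: single-label public suffix (no 'co.uk' handling)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits of entropy per character of the string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_features(label):
    """Cheap lexical features that random-looking labels tend to exhibit."""
    n = len(label)
    run = best = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return {
        "len": n,
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(ch.isdigit() for ch in label) / n,
        "vowel_ratio": sum(ch in VOWELS for ch in label) / n,
        "consonant_run": best,
    }


def is_dga_like(label):
    """Heuristic verdict. Short labels are never flagged; long ones are flagged
    on heavy digit use, a 4+ consonant run, or few vowels with high entropy.
    Thresholds are illustrative, not tuned on real traffic."""
    f = dga_features(label)
    if f["len"] < 10:
        return False
    return (
        f["digit_ratio"] >= 0.2
        or f["consonant_run"] >= 4
        or (f["vowel_ratio"] < 0.2 and f["entropy"] >= 3.0)
    )


def suspicious_clients(log_text, min_hits=3):
    """Map client -> (dga_like_nxdomain_count, total_queries) for clients whose
    NXDOMAIN responses to DGA-like names reach min_hits. Requiring NXDOMAIN
    cuts false positives from CDN and tracking hostnames that do resolve."""
    hits, total = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort
        client, qname, rcode = m.groups()
        total[client] += 1
        if rcode == "NXDOMAIN" and is_dga_like(registrable_label(qname)):
            hits[client] += 1
    return {c: (hits[c], total[c]) for c in total if hits[c] >= min_hits}


if __name__ == "__main__":
    for client, (n_hits, n_total) in suspicious_clients(SAMPLE_LOG).items():
        print(f"{client}: {n_hits}/{n_total} NXDOMAIN queries to DGA-like names")
```

The NXDOMAIN requirement matters: a host with a DGA cycles through many unregistered candidates before hitting the one the operator registered, so the failure pattern is usually a stronger signal than any single name, and it also sidesteps the "bogus domains that actually resolve" problem Paul describes below. Raise min_hits for busy resolvers, and expect to whitelist long legitimate labels before trusting the lexical rules alone.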
On Wed, Apr 25, 2018 at 11:28 AM, J. Oquendo <joquendo@e-fensive.net> wrote:
Anyone else seeing DGA (1) like behavior for Comcast based customers? If so, is there any information on it? Seeing a lot of traffic to bogus domains all synonymous with their networks.
don't they have an anti-botnet-automagic-walled-garden thing that's supposed to stop this? (also, example request RRs?)
On Apr 25, 2018, at 8:34 AM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Apr 25, 2018 at 11:28 AM, J. Oquendo <joquendo@e-fensive.net> wrote:
Anyone else seeing DGA (1) like behavior for Comcast based customers? If so, is there any information on it? Seeing a lot of traffic to bogus domains all synonymous with their networks.
don't they have an anti-botnet-automagic-walled-garden thing that's supposed to stop this? (also, example request RRs?)
If a residential broadband consumer’s computer gets pwned, there’s nothing really stopping a criminal from registering any sort of domain/hostname and pointing a DNS A record at it. In fact, that’s pretty routine. But the aspect that it could be a DGA is a bit more difficult insofar as planning and logistics, but not improbable, methinks.

- ferg

—
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA