While monitoring egress DNS queries, you notice multiple infected workstations attempt to resolve dozens of seemingly random 16-character subdomains under various TLDs every 10 minutes. The requests are intercepted by your DNS sinkhole. Which botnet command-and-control technique are you observing, and why does it hinder traditional takedown methods?
Fast-flux hosting that rapidly changes the IP addresses behind a single, constant domain name to frustrate IP-based blocking.
A peer-to-peer command channel based on a distributed hash table, eliminating the need for any central domain name.
Use of a domain generation algorithm that continually produces new C2 domains, making it impractical to blacklist or seize them all.
Malware containing a hard-coded list of static C2 IP addresses, forcing defenders to block each address individually.
The activity matches a domain generation algorithm (DGA). Malware that uses a DGA produces large numbers of pseudo-random domain names on a predictable schedule and tries to contact them until the attacker registers one as the current command-and-control (C2) server. Because defenders must discover and block or seize an ever-changing set of possible domains, simply blacklisting a few known C2 addresses or taking down one domain is rarely effective.
Fast-flux rotates IP addresses, not domain names; peer-to-peer C2 dispenses with domains altogether; and hard-coded IP lists do not generate new DNS lookups, so none of those alternatives fit the observed pattern.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a domain generation algorithm (DGA)?
Open an interactive chat with Bash
How does a DNS sinkhole help mitigate DGA-based attacks?
Open an interactive chat with Bash
Why does DGA hinder traditional takedown methods?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .