> On Apr 25, 2018, at 8:34 AM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
>
> On Wed, Apr 25, 2018 at 11:28 AM, J. Oquendo <joque...@e-fensive.net> wrote:
>> Anyone else seeing DGA (1) like behavior for Comcast based
>> customers? If so, is there any information on it? Seeing a
>> lot of traffic to bogus domains all synonymous with their
>> networks.
>>
>
> don't they have an anti-botnet-automagic-walled-garden thing that's
> supposed to stop this?
> (also, example request RRs?)
If a residential broadband consumer’s computer gets pwned, there’s nothing really stopping a criminal from registering any sort of domain/hostname and pointing a DNS A record at it. In fact, that’s pretty routine. But the aspect that it could be a DGA is a bit more difficult insofar as planning and logistics, but not improbable, methinks.

- ferg

—
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA
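The thread asks whether anyone is seeing DGA-like query patterns and what the example RRs look like. The script below is an added illustration, not code from any poster in the thread, of the kind of first-pass triage a resolver operator can run over passive DNS query logs: it scores the registrable label of each queried name on length, Shannon entropy and vowel ratio, flags names that look machine-generated, and then counts flagged queries per client so that a single odd lookup does not raise an alert but a burst from one host does. The log format (`timestamp client qname qtype`), the sample lines, the thresholds and the client addresses are all constructed here; the code also assumes a single-label public suffix, which a real deployment would replace with a Public Suffix List lookup.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of DNS query log lines in a hypothetical
# "<timestamp> <client> <qname> <qtype>" format. None of these names or
# addresses are real observations from the thread.
SAMPLE_QUERY_LOG = """\
2018-04-25T08:30:01Z 10.0.0.12 www.example.com A
2018-04-25T08:30:02Z 10.0.0.12 mail.example.net A
2018-04-25T08:30:03Z 10.0.0.12 xkq7wzp3lmnfaguh.example A
2018-04-25T08:30:04Z 10.0.0.12 q9v2bdx8tlrmcpwn.example A
2018-04-25T08:30:05Z 10.0.0.12 cdn.example.org AAAA
2018-04-25T08:30:06Z 10.0.0.12 tzhbvrk0qpyxjmdw.example A
2018-04-25T08:30:07Z 10.0.0.77 a7ndk2mqpxvbwzlt.example A
"""

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname: str) -> str:
    """Label just left of the TLD: 'example' for www.example.com.
    Assumption: a one-label public suffix; real code should consult the
    Public Suffix List so that co.uk-style suffixes are handled."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def label_features(label: str) -> dict:
    """Cheap lexical features that separate dictionary-ish names from
    random-looking ones."""
    n = len(label)
    vowels = sum(ch in VOWELS for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    return {
        "length": n,
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / n if n else 0.0,
        "digit_ratio": digits / n if n else 0.0,
    }


def is_dga_like(label: str, min_len: int = 12, min_entropy: float = 3.5,
                max_vowel_ratio: float = 0.3) -> bool:
    """Heuristic verdict; thresholds are constructed for this example and
    should be tuned against a site's own baseline of benign names."""
    f = label_features(label)
    return (f["length"] >= min_len
            and f["entropy"] >= min_entropy
            and f["vowel_ratio"] <= max_vowel_ratio)


def parse_query_log(text: str):
    """Yield (timestamp, client, qname, qtype); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)


def flag_dga_like(text: str, per_client_threshold: int = 3):
    """Return (flagged query names, clients at or above the threshold)."""
    flagged = []
    per_client = defaultdict(int)
    for _ts, client, qname, _qtype in parse_query_log(text):
        if is_dga_like(registrable_label(qname)):
            flagged.append(qname)
            per_client[client] += 1
    suspicious = sorted(c for c, k in per_client.items()
                        if k >= per_client_threshold)
    return flagged, suspicious


if __name__ == "__main__":
    names, clients = flag_dga_like(SAMPLE_QUERY_LOG)
    for name in names:
        print("DGA-like:", name, label_features(registrable_label(name)))
    print("clients over threshold:", clients)
```

The per-client count is the part that matters operationally: an isolated random-looking name is often a CDN or tracking hostname, while a run of them from one subscriber in a short window is the pattern worth correlating with NXDOMAIN rates before anyone gets dropped into a walled garden.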