nanog mailing list archives
Re: Comcast and DGA like behavior
From: Paul Ferguson <fergdawgster () mykolab com>
Date: Wed, 25 Apr 2018 08:40:19 -0700
On Apr 25, 2018, at 8:34 AM, Christopher Morrow <morrowc.lists () gmail com> wrote:

> On Wed, Apr 25, 2018 at 11:28 AM, J. Oquendo <joquendo () e-fensive net> wrote:
>
>> Anyone else seeing DGA (1) like behavior for Comcast based customers? If so, is there any information on it? Seeing a lot of traffic to bogus domains all synonymous with their networks.
>
> don't they have an anti-botnet-automagic-walled-garden thing that's supposed to stop this? (also, example request RRs?)
If a residential broadband consumer’s computer gets pwned, there’s nothing really stopping a criminal from registering any sort of domain/hostname and pointing a DNS A record at it. In fact, that’s pretty routine.

But the aspect that it could be a DGA is a bit more difficult insofar as planning and logistics, but not improbable, methinks.

- ferg

—
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA