Re: Comcast and DGA like behavior

[Paul Ferguson <fergdawgster () mykolab com>]

> On Apr 25, 2018, at 8:34 AM, Christopher Morrow <morrowc.lists () gmail com> wrote:
>
> On Wed, Apr 25, 2018 at 11:28 AM, J. Oquendo <joquendo () e-fensive net> wrote:
> > Anyone else seeing DGA (1) like behavior for Comcast based
> > customers? If so, is there any information on it? Seeing a
> > lot of traffic to bogus domains all synonymous with their
> > networks.
>
> don't they have a anti-botnet-automagic-walled-garden thing that's
> supposed to stop this?
> (also, example request RRs?)


If a residential broadband consumer’s computer gets pwned, there’s nothing really stopping a criminal from registering 
any sort of domain/hostname and pointing a DNS A record at it. In fact, that’s pretty routine. But the aspect that it 
could be a DGA is a bit more difficult insofar as planning and logistics, but not improbable, methinks.

- ferg

—
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA

Attachment: signature.asc
Description: Message signed with OpenPGP