[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Comcast and DGA like behavior

Subject: Comcast and DGA like behavior
From: fergdawgster at mykolab.com (Paul Ferguson)
Date: Wed, 25 Apr 2018 08:40:19 -0700
In-reply-to: <CAL9jL[email protected]>
References: <[email protected]> <CAL9jL[email protected]>

> On Apr 25, 2018, at 8:34 AM, Christopher Morrow <morrowc.lists at gmail.com> wrote:
> 
> On Wed, Apr 25, 2018 at 11:28 AM, J. Oquendo <joquendo at e-fensive.net> wrote:
>> Anyone else seeing DGA (1) like behavior for Comcast based
>> customers? If so, is there any information on it? Seeing a
>> lot of traffic to bogus domains all synonymous with their
>> networks.
>> 
> 
> don't they have a anti-botnet-automagic-walled-garden thing that's
> supposed to stop this?
> (also, example request RRs?)

If a residential broadband consumerâ??s computer gets pwned, thereâ??s nothing really stopping a criminal from registering any sort of domain/hostname and pointing a DNS A record at it. In fact, thatâ??s pretty routine. But the aspect that it could be a DGA is a bit more difficult insofar as planning and logistics, but not improbable, methinks.

- ferg

â??
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180425/20b50685/attachment.sig>

References:
- Comcast and DGA like behavior
  - From: joquendo at e-fensive.net (J. Oquendo)
- Comcast and DGA like behavior
  - From: morrowc.lists at gmail.com (Christopher Morrow)

Prev by Date: Is WHOIS going to go away?
Next by Date: Is WHOIS going to go away?
Previous by thread: Comcast and DGA like behavior
Next by thread: Internet topology resources
Index(es):
- Date
- Thread