Honeypots
Picviz 0.4 released Oct 27 2008 11:10PM
Sebastien Tricaud (stricaud inl fr) (1 replies)
regarding malicious domains becoming inactive Nov 04 2008 06:35AM
Bhatnagar, Mayank (mbhatnagar ipolicynetworks com) (2 replies)

Hi,

Often we find while analyzing malwares that malicious domains become
inactive after some period of time.

They may be active during initial period of activity, malwares when
executed connecting to these domains, these domains then sending
malicious files....binaries etc.....but just as soon as this information
is being known or the behavior has been captured by IDS/IPS signatures
blocking this domain, soon the domain itself become inactive.

What do you feel should be the responsibility of IDS/IPS solution
providers? I feel keeping track of such domains (live or down) in an
automated manner may be one possibility, keeping a signature for some
time as a measure of protection another. Also maintaining blacklists of
these domains may be helpful.

How should one handle such cases? Any ideas?

Thanks & Regards,
Mayank

"DISCLAIMER:
This message is proprietary to iPolicy Networks-Security Products division of Tech Mahindra Limited and is intended solely for the use of the individuals to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. iPolicy Networks-Security Products division of Tech Mahindra Limited accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
"DISCLAIMER: This message is proprietary to iPolicy Networks - Security Products Division of Tech Mahindra Limited and is intended solely for the use of the individuals to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. iPolicy Networks - Security Products Division of Tech Mahindra Limited accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."

[ reply ]
Re: regarding malicious domains becoming inactive Nov 04 2008 04:28PM
Sushant Sinha (sushant umich edu) (1 replies)
Re: regarding malicious domains becoming inactive Nov 05 2008 06:16AM
yelukati mahendra (mahendra_yn yahoo com)
Re: regarding malicious domains becoming inactive Nov 04 2008 04:22PM
Andre D. Correa (andre correa pobox com)


 

Privacy Statement
Copyright 2010, SecurityFocus