Sinkhole
In cyber security terminology, a sinkhole is the location a device reaches when it attempts to access a domain but is directed somewhere other than the intended target. This typically occurs when malware attempts to connect to a command and control centre, but the connection is instead made to a benign location owned by a security organisation. This can happen either because the security organisation has acquired the domain, or because a DNS server is configured to direct known malicious traffic to a benign location (called DNS sinkholing [1]).
Types of Sinkhole
Sinkholed Malicious Domains
Security companies and independent researchers acquire domains which have previously been used, are actively used, or are expected to be used in the future by malware. The benign location that the malware is then directed to is referred to as a sinkhole.
One example of security companies acquiring known malicious domains is the sinkholing of domains associated with the Conficker worm [2]. Each variant of the malware randomly generated domain names in a process known as domain fluxing [3]. Security organisations made efforts to sinkhole all domains used by the worm, to prevent it from updating successfully.
DNS Sinkhole
A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS [4], is a DNS server that gives out false information to prevent the use of a domain name.
References
- [1] https://en.wikipedia.org/wiki/DNS_sinkhole
- [2] https://en.wikipedia.org/wiki/Conficker#Response
- [3] https://searchsecurity.techtarget.com/definition/domain-fluxing
- [4] kevross33, pfsense.org (November 22, 2011). "BlackholeDNS: Anyone tried it with pfsense?". Retrieved October 12, 2012.
Sinkhole (in cyber security)
This article "Sinkhole" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Sinkhole. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.