DNS Sinkholes

The Importance of DNS Sinkholes

A DNS Sinkhole alerts IT when malware tries to connect to known command and control servers, protects users from reaching known bad servers on the Internet, and can also be used to prevent users from going to sites the organization deems inappropriate.
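To make the mechanism concrete, here is a small added example (not Vidder's code, and not a full DNS server) of the decision a sinkhole resolver makes for each A query: the blocklist domains, the sinkhole address 10.0.0.1 and the client address are all constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample blocklist: placeholder domains standing in for a
# blacklisting feed of known command and control / malicious hosts.
BLOCKLIST = {
    "c2.example-bad.test",
    "malware-drop.example.test",
}

SINKHOLE_IP = "10.0.0.1"  # assumed internal address of the sinkhole listener


def blocked_parent(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry matching qname (itself or a parent domain),
    or None. Checking parents catches 'update.c2.example-bad.test' when only
    'c2.example-bad.test' is listed."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve(qname, client_ip, alerts, blocklist=BLOCKLIST):
    """Decide how the sinkhole answers one A query.

    Returns the address to hand back, or None when the domain is not on the
    list and the query should be forwarded to a real resolver (this is the
    blacklisting limitation: unlisted bad domains pass straight through).
    On a hit, an alert record is appended so IT can see which client asked."""
    hit = blocked_parent(qname, blocklist)
    if hit is None:
        return None
    alerts.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "client": str(ipaddress.ip_address(client_ip)),
        "query": qname,
        "matched": hit,
    })
    return SINKHOLE_IP


if __name__ == "__main__":
    log = []
    for q in ("update.c2.example-bad.test", "www.example.org"):
        print(q, "->", resolve(q, "192.168.1.25", log) or "forward")
    print(log)
```

The alert records are what an IT team would ship to its log collector; the sinkhole address itself should point at a listener that simply drops or logs the connection.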

Limitations of DNS Sinkholes

DNS Sinkholes have the same limitation as all blacklisting technologies in that they will never have a complete list of malicious sites.

In addition, malicious users can circumvent the DNS Sinkhole using a relay service (such as "Tor").

Vidder’s Recommendations for DNS Sinkholes

For smaller companies, after more conventional security controls have been put in place, Vidder recommends using a DNS Sinkhole to trap malware connecting to known command and control servers and protect users from connecting to known bad servers. A small number of free blacklisting services are available, as is a free Linux Sinkhole application.

A DNS Sinkhole can also be used to prevent non-malicious users from reaching their home networks through relay-based remote access applications such as GoToMyPC. (Note: malicious users will still be able to circumvent this control via relay servers, as mentioned above.)