Cybersecurity Incident response

What is DNS sinkhole? A sinkhole is a standard DNS server that has been configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it will fail to get access to the real website.  The higher up the DNS server is, the more computers it will block. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet. DNS Sinkholes are effective at detecting and blocking malicious traffic, and used to combat bots and other unwanted traffic. A sinkhole does not need to be a large DNS server, it only needs to be in the DNS lookup chain. The local  hosts file  on a  Windows ,  Unix  or  Linux  computer is checked before DNS servers, and can also be used to block sites in the same way. Example of Sinkhole Alert. ET TROJAN DNS Reply Sinkhole - Anubis - 195.22.26.192/26 SRC: 195.22.26.248 DST:10.101.8.116 ET TROJAN AnubisNetworks Sinkhole SSL Cert lolcat - 195.22.26.192/26 Fi...

There are several different reasons for typosquatters buying a typo domain: In order to try to sell the typo domain back to the brand owner To "park" the typo domain and make pay-per-click revenues from direct navigation misspellings of the intended domain To redirect the typo-traffic to a competitor To redirect the typo-traffic back to the brand itself, but through an affiliate link, thus earning commissions from the brand owner's affiliate program. This "typo domain affiliate" is one of the most financially damaging schemes as it siphons profits from the legitimate brand for traffic/customers that the brand would have gotten anyway had the typo domain not existed. As a phishing scheme to mimic the brand's site, while intercepting passwords which the visitor enters unsuspectingly To install drive-by malware or revenue generating adware onto the visitors' devices To harvest misaddressed e-mail messages mistakenly sent to the typo domain To block malevole...