Dynamic Domain Monitoring

If you’re not watching the dynamic DNS domain traffic on your network, you’re missing things.

Even if you or your web filtering/proxy solution is blocking them, you still need to watch for them.

Compromised hosts will often use them as C2.

Depending on the size of your network, you may need to do some heavy tuning…but trust me, it’s worth it.

MalwareDomains.com list of Dynamic Domains

Just throw the domains in a CSV and run it against your proxy logs and DNS logs every 24 hours. Be a hero.
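An added example of that daily check, not code from the original post: it loads the domain CSV, matches hostnames from DNS and proxy logs on label boundaries (so subdomains hit but look-alike names do not), and groups hits by client, including requests the proxy already blocked. The zone names, log layouts and sample lines are constructed assumptions; adapt the field positions to your own logs.

```python
import csv, io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data; zone names and log layouts are assumptions.
DOMAIN_CSV = "domain\ndyn-provider.example\nfreedns.example\n"
DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.15 A host1.dyn-provider.example.
2024-05-01T10:00:02Z 10.0.0.22 A www.notdyn-provider.example.
2024-05-01T10:00:09Z 10.0.0.15 A intranet.corp.example.
"""
PROXY_LOG = """\
2024-05-01T10:02:11Z 10.0.0.15 GET http://Update.FreeDNS.example:8080/a.php 403
2024-05-01T10:02:30Z 10.0.0.40 CONNECT c2.dyn-provider.example:443 200
2024-05-01T10:03:00Z 10.0.0.22 GET https://www.corp.example/ 200
"""

def load_zones(csv_text):
    """Read the first CSV column as dynamic DNS zones, skipping header and comments."""
    zones = set()
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        name = row[0].strip().lower().rstrip(".")
        if name and name != "domain" and not name.startswith("#"):
            zones.add(name)
    return zones

def listed_zone(host, zones):
    """Return the listed zone that host equals or sits under, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return ".".join(labels[i:])
    return None

def find_hits(dns_log, proxy_log, zones):
    """Map client IP -> {(source, host, zone)}; field 1 is client, field 3 is name/URL."""
    hits = defaultdict(set)
    for source, log in (("dns", dns_log), ("proxy", proxy_log)):
        for line in log.splitlines():
            f = line.split()
            if len(f) < 4:
                continue
            # CONNECT lines and DNS names have no scheme, so add "//" for urlsplit
            target = f[3] if "://" in f[3] else "//" + f[3]
            host = (urlsplit(target).hostname or "").rstrip(".")
            zone = listed_zone(host, zones)
            if zone:  # blocked (403) requests are still reported
                hits[f[1]].add((source, host, zone))
    return dict(hits)
```

Calling `find_hits(DNS_LOG, PROXY_LOG, load_zones(DOMAIN_CSV))` returns the per-client hit sets; a client that shows up in both the DNS and proxy results is a good first candidate for a closer look.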
