Dynamic DNS - A Survey of the Abuse Mechanisms Affecting It and the Growing Problem for Network Defenders Defending Against Them
Dynamic DNS, although generally used to provide legitimate services, has, like so many other technologies in use today, been exploited for a variety of criminal purposes. Dynamic DNS is actively and extensively used today for botnet command and control (C&C), Advanced Persistent Threat (APT) attacks (Operation Aurora, RSA, etc.), drive-by downloads, exploit pack utilisation and varied phishing activities. Attributing such attacks is increasingly difficult for Law Enforcement (LE) and network defenders, especially the initial identification of malicious domain registrants, who cover their tracks by using dynamic DNS providers that require little or no identification to set up accounts, together with privacy protection services and aliases.