Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog - Do you block "new" domain names? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Do you block "new" domain names?

Published: 2014-02-04
Last Updated: 2014-02-04 12:41:39 UTC
by Johannes Ullrich (Version: 1)
14 comment(s)

This is more a quick question then a full post: Many attacks use recently registered domain names. Do you block newly registered domain names (lets say for the first week)? What system do you use to do so? I am thinking about setting up a simple API to return a "days registered" for a domain name, but first want to see what else is out there.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: DNS
14 comment(s)
Diary Archives