Feed

Visualizing the Hosting Patterns of Modern Cybercriminals

Posted on September 25th, 2010 in Domain News by dglosser

Nice article on SANs:

Andrew Hunt – Visualizing the Hosting Patterns of Modern Cybercriminals

For example when seed data pulled from Malware Domains is correlated with passive DNS and ASN data, then visualized, it is possible to see how the majority of the authoritative nameservers are hosted in the same network block. This dependence indicates an investment by the aggressor into a particular hosting company and can provide an effective network-level block at relatively low cost. As always, be aware of potential collateral damage when blocking a network portion that may also contain legitimate IP hosting space.

Comments are closed.