InfoSec Handlers Diary Blog - Do you block "new" domain names?

SANS ISC: InfoSec Handlers Diary Blog - Do you block "new" domain names?

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Do you block "new" domain names?

Published: 2014-02-04
Last Updated: 2014-02-04 12:41:39 UTC
by Johannes Ullrich (Version: 1)

This is more a quick question then a full post: Many attacks use recently registered domain names. Do you block newly registered domain names (lets say for the first week)? What system do you use to do so? I am thinking about setting up a simple API to return a "days registered" for a domain name, but first want to see what else is out there.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: DNS

14 comment(s)

Top of page

Diary Archives