Good article. The only thought I have is that most malware domains have very short lifetimes.
It would be interesting to know if there's a tool available that would examine DNS queries to see if the domain being queried is less than 'x' days old, and give a negative answer.

Kurt

On Fri, Oct 16, 2015 at 7:59 PM, Richard Stovall <[email protected]> wrote:
> I had not heard of this before.
>
> https://zeltser.com/c2-dns-tunneling/
>
> How in the world can most SMBs ever begin to beat back this kind of stuff?
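An added example, not part of the original thread: a sketch of the check described above, where a resolver-side policy returns a negative answer for any query whose registrable domain is younger than 'x' days. The `CREATED` table stands in for a WHOIS/RDAP lookup and `SUFFIXES` for the Public Suffix List; both, along with all function names, are assumptions constructed for illustration.

```python
from datetime import date

# Constructed registration dates standing in for a WHOIS/RDAP lookup (assumption).
CREATED = {
    "example.com": date(1995, 8, 14),
    "oldshop.co.uk": date(2015, 9, 17),
    "tunnel-c2.example": date(2015, 10, 12),
}

# Tiny stand-in for the Public Suffix List (assumption).
SUFFIXES = {"com", "example", "co.uk"}


def registrable(qname):
    """Reduce a query name to its registrable domain, e.g.
    'a1b2c3.data.tunnel-c2.example.' -> 'tunnel-c2.example'.
    Tunnelled queries vary the subdomain, so age is checked on this part."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # longest suffix is tried first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def decide(qname, today, min_age_days=30, fail_closed=False):
    """Return 'NXDOMAIN' for domains younger than min_age_days, else 'RESOLVE'.
    Domains with no known creation date follow the fail_closed setting."""
    domain = registrable(qname)
    created = CREATED.get(domain) if domain else None
    if created is None:
        return "NXDOMAIN" if fail_closed else "RESOLVE"
    return "NXDOMAIN" if (today - created).days < min_age_days else "RESOLVE"


def blocked(queries, today, **policy):
    """Filter a list of query names down to those that would be refused."""
    return [q for q in queries if decide(q, today, **policy) == "NXDOMAIN"]


if __name__ == "__main__":
    sample = ["www.example.com", "a1b2c3.data.tunnel-c2.example.",
              "mail.oldshop.co.uk", "host.unknown.com"]  # constructed queries
    for q in sample:
        print(q, decide(q, date(2015, 10, 17)))
```

The unknown-age case is the operational trade-off: failing open misses domains the lookup cannot date, while failing closed breaks resolution whenever registration data is unavailable.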
