Domain Name Wire | Domain Name News

Domain name sinkholes and those funky domain registrations

by Andrew Allemann — September 18, 2018

Sinkholes are why you see companies register a bunch of weird domain names.

A different kind of sinkhole.

Palo Alto Networks Inc was granted a patent today related to domain sinkholing, and it’s a continuation patent of one that was granted in 2016.

It reminded me of times I’ve seen companies (notably Microsoft) register a bunch of nonsensical domain names. Why would a company register a lot of domains with random digits and letters?

The answer is often that it’s a sinkhole.

A sinkhole redirects or blocks traffic meant for a destination. Sinkholes are used by the security community to stop botnet traffic, phishing and other bad activity.

There are many ways to create a sinkhole. An ISP can simply divert traffic from the nameserver IP address you see in Whois to another address. A company (or the government) can also go through the courts to get control of a domain name and then change its nameservers.

Some malware campaigns continually register new domain names as their other names get snuffed out and blocked by security companies. It’s sometimes possible to figure out what the future domain registrations will be, and that’s when you might see a company register a huge list of odd domain names. They know what domains the malware will register next, so the company registers the domains to prevent them from being registered by the bad guys.
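To show how defenders use that knowledge, here is an added example (not from the original article): once analysts have reimplemented a sample's name generator, they can list the upcoming domains to register or sinkhole and also match them against DNS logs to find infected machines. The generator, seed and log format below are constructed for illustration and do not correspond to any real malware family.

```python
import hashlib
from datetime import date, timedelta

# Assumption: a seed analysts recovered from a sample (constructed value).
SEED = b"constructed-demo-seed"

def candidates_for_day(day, per_day=3, tld=".com"):
    """Toy date-seeded name generator, standing in for a reverse-engineered one."""
    names = []
    for i in range(per_day):
        digest = hashlib.sha256(SEED + day.isoformat().encode() + bytes([i])).digest()
        # Map the first 12 digest bytes onto a-z to get a random-looking label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(label + tld)
    return names

def upcoming_domains(start, days, per_day=3):
    """Map every domain in the window to its date: the list to register or sinkhole."""
    out = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidates_for_day(day, per_day):
            out[name] = day
    return out

def infected_clients(log_lines, watchlist):
    """Return {client_ip: {domains}} for DNS queries that hit the watchlist.
    Assumed log format (constructed): '<timestamp> <client_ip> <qname>'."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise case and trailing root dot
        if qname in watchlist:
            hits.setdefault(client, set()).add(qname)
    return hits

def demo():
    start = date(2018, 9, 18)
    watch = upcoming_domains(start, days=7)
    predicted = candidates_for_day(start + timedelta(days=2))[0]
    log = [  # constructed sample DNS log lines
        "2018-09-20T10:00:01Z 10.0.0.5 www.example.com",
        f"2018-09-20T10:00:02Z 10.0.0.9 {predicted.upper()}.",
        "malformed line",
    ]
    return watch, infected_clients(log, watch)

if __name__ == "__main__":
    watch, hits = demo()
    print(len(watch), "domains to register or sinkhole; hits:", hits)
```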

A famous example of registering a domain to stop an attack was the domain name iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea(.)com. A person researching the WannaCry ransomware noticed this domain in the malware and registered it. It turns out that registering the domain acted as a killswitch. The malware was programmed to check in on this domain and stop if the domain was registered.

While the WannaCry example isn’t a typical sinkhole, it’s interesting to think about how domain names are used to propagate malware and botnets, and how registering domains can thwart the bad guys.
