Anyone else seeing DGA (1) like behavior for Comcast based
customers? If so, is there any information on it? Seeing a
lot of traffic to bogus domains all synonymous with their
networks.
1: https://en.wikipedia.org/wiki/Domain_generation_algorithm
don't they have a anti-botnet-automagic-walled-garden thing that's
supposed to stop this?
(also, example request RRs?)
If a residential broadband consumer’s computer gets pwned, there’s nothing really stopping a criminal from registering any sort of domain/hostname and pointing a DNS A record at it. In fact, that’s pretty routine. But the aspect that it could be a DGA is a bit more difficult insofar as planning and logistics, but not improbable, methinks.
- ferg