In this article, I will explain what sinkholing botnets is. A DNS sinkhole is also known as a sinkhole server, an Internet sinkhole, or blackhole DNS.
Before we talk about sinkholing botnets, we need to understand botnets. The word botnet combines robot and network. Attackers use Trojans to breach the security of users' computers and take control of each one, then use the compromised machines together to gain the computing power to launch attacks on other computers, mainly enterprise servers. Bots of this kind are used in DDoS attacks, to capture the user's keystrokes, or to steal data from the user. They are normally spread through spam emails, fake software installers, and visits to fake web pages. Botnets are often hired out to make money. To stop botnets attacking your network, sinkholes are used to dump the malicious traffic.
Sinkholing botnets is a process used to manipulate the flow of data in a network so that its traffic is redirected to a server of your choice. Through this process, the malicious traffic goes to a research centre where it can be analyzed. It is mostly used by security professionals and antivirus vendors.
For instance, suppose you sinkhole the domain that cyber-criminals are reaching out to, diverting requests for that site so that you can monitor activity on the botnet. This helps you track the IP addresses contacting the domain, or neutralizes the botnet so that the bots can no longer receive commands. Law enforcement also uses this technique in investigations and takedowns of criminal infrastructure. Most ISPs use sinkholes every day to protect their networks and manage traffic.
For example, say you want to visit LinuxandUbuntu's website on your device. You first open a browser and type the URL LinuxandUbuntu.com. A Domain Name System server responds to your request with the IP address of LinuxandUbuntu.com. If the domain were sinkholed, your browser would be directed to an IP address other than that of the LinuxandUbuntu server.
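To make the resolution step above concrete, here is an added example (not code from the original article or from any sinkhole product) of a miniature sinkholing resolver. It parses DNS queries in wire format, answers names in a sinkhole zone (and any name under it) with the sinkhole address while logging which client asked, and forwards everything else to a stand-in "upstream" table. The zone, the sinkhole address, the upstream answers, and the client addresses are all constructed values chosen for the demo, not real indicators.

```python
import socket
import struct
from collections import Counter

# Constructed example values (not real indicators): the domains an operator has
# chosen to sinkhole, and the address the sinkhole server answers with.
SINKHOLE_ZONE = {"c2.example.invalid", "update.bad.example"}
SINKHOLE_IP = "192.0.2.10"          # RFC 5737 documentation range
# Stand-in for the upstream resolver's answers (constructed, not real records).
UPSTREAM_ANSWERS = {"linuxandubuntu.com": "203.0.113.7"}

def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query in wire format, standing in for a client."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN

def parse_query(packet):
    """Return (txid, lower-cased qname, raw question section) from a query packet."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("name compression is not valid in a query name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    if (qtype, qclass) != (1, 1):
        raise ValueError("this demo only answers A/IN questions")
    return txid, ".".join(labels).lower(), packet[12:pos + 4]

def build_answer(txid, question, ip, ttl):
    """Build a response with one A record; 0xC00C is a pointer back to the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, NOERROR
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + rr

def build_nxdomain(txid, question):
    """Build an NXDOMAIN response (RCODE 3) carrying no answer records."""
    return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question

def rcode(response):
    return struct.unpack("!H", response[2:4])[0] & 0x0F

def answer_ip(response):
    """Extract the IPv4 address from a single-answer response built above, else None."""
    if rcode(response) != 0 or struct.unpack("!H", response[6:8])[0] != 1:
        return None
    return socket.inet_ntoa(response[-4:])

class SinkholeResolver:
    """Names in the sinkhole zone (or beneath it) get the sinkhole address and are
    logged together with the querying client; every other name goes upstream."""

    def __init__(self, zone, sinkhole_ip, upstream):
        self.zone = {z.lower() for z in zone}
        self.sinkhole_ip = sinkhole_ip
        self.upstream = upstream
        self.hits = []   # (client_ip, qname): the record an analyst later reviews

    def is_sinkholed(self, qname):
        return any(qname == z or qname.endswith("." + z) for z in self.zone)

    def handle(self, packet, client_ip):
        txid, qname, question = parse_query(packet)
        if self.is_sinkholed(qname):
            self.hits.append((client_ip, qname))
            return build_answer(txid, question, self.sinkhole_ip, ttl=60)
        ip = self.upstream.get(qname)
        if ip is None:
            return build_nxdomain(txid, question)
        return build_answer(txid, question, ip, ttl=300)

    def infected_hosts(self):
        """Count sinkhole hits per client: these hosts are still calling a sinkholed name."""
        return Counter(client for client, _ in self.hits)

def demo():
    """Run constructed queries through the resolver; return (answers, hosts seen)."""
    resolver = SinkholeResolver(SINKHOLE_ZONE, SINKHOLE_IP, UPSTREAM_ANSWERS)
    traffic = [("linuxandubuntu.com", "10.0.0.5"), ("c2.example.invalid", "10.0.0.9"),
               ("beacon.c2.example.invalid", "10.0.0.9"), ("C2.EXAMPLE.INVALID", "10.0.0.12")]
    answers = {}
    for name, client in traffic:
        answers[(name, client)] = answer_ip(resolver.handle(build_query(name), client))
    return answers, resolver.infected_hosts()

if __name__ == "__main__":
    answers, hosts = demo()
    for key, ip in answers.items():
        print(key, "->", ip)
    print("hosts hitting the sinkhole:", dict(hosts))
```

The matching is deliberately case-insensitive and covers subdomains, because bots often vary the label they query; the short TTL on sinkholed answers keeps clients coming back so the hit log stays current, while the upstream answer keeps a normal TTL. The `infected_hosts()` summary is the part a research centre would actually act on: a list of clients that still believe the sinkholed domain is their controller.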
Sinkholes are among the most-used tools today for network management, research, and threat analysis, and they play an important role in containment. The security researcher Marcus Hutchins, well known by the name MalwareTech, set up a sinkhole that stopped the WannaCry ransomware. He found that it was programmed to check whether a nonsense domain led to a live web server. He spent $10 to register the domain.
The ransomware was programmed to check whether the domain was active and to shut down if it found the domain live. The North Korean developers behind WannaCry made the mistake of using a static domain rather than one that changed randomly. As a result, Marcus was able to register the domain and point it at his sinkhole servers to study its queries.
“A Sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them,” Marcus wrote. His sinkhole did not decrypt the computers already infected with the ransomware.
Though sinkholes don’t usually have such an outwardly exciting role in network security, they are an important tool.