the abuse by snake espionagetool of free DNS services

these free DNS services give you the possibility to host on a server or pc different domains and to use their DNS service or redirect service

and if you want to block the service no-ip.com than you have to block the following domains

len is my testname so len.ddns.me should become *.ddns.me

off course most of the domains that used no-Ip.com are gone or blocked but they will need more pro-active monitoring and an automatic control of urlblockinglists to automatically receive reports for those that use their services

otherwise other snakes will bite them

the other ones they have used are these ones


 It makes it easy to get the domains of the web - if those services have permanent and fast security services but it makes it a cat and mouse game

in the versions that are discussed here it seems that some of the subdomains are hardencoded which is silly (and stupid) as the domains are gone but which means that putting those domains in a list and let it go through your logs of internetconnections to find any trace may be an interesting indicator (but not an absolute one)

we can presume that in future they will be able to change that

but it also means that the firms in question should not just block the domain and make it available after a few weeks of months or years because we have seen with other botnetinfections with dns.be that even when the domains were liberated three years later for sale they were immediately rebought by the operators (to the astonishment of DNS.be). But it was logical to me because as they had hardencoded the domainname in the botnet they would - at the low price of a domainname and some hosting - recuperate maybe some computers that weren't cleaned (don't be surprised because this is still very much the case in many networks)

you could off course decide to ask your webfiltercompany to get a category included to be able to block such free hosting and free dns services to limit the risks

some free dns and redirection services have lately closed doors or changed course into professional services for companies because the workload with all the criminal activity was becoming too big to bear

Permalink | |  Print |  Facebook | | | | Pin it! |

The comments are closed.