Dynamic DNS

From pre-attack
Jump to: navigation, search


Dynamic DNS
Technique
ID PRE-T1088
Tactic Adversary OPSEC

Definition

Dynamic DNS is a method of automatically updating a name in the DNS system. Providers offer this rapid reconfiguration of IPs to hostnames as a service.1

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Flexible and re-configurable command and control servers, along with deniable ownership and reduced cost of ownership.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Defender will not know at first use what is valid or hostile traffic without more context. It is possible, however, for defenders to see if the PTR record for an address is hosted by a known DDNS provider. There is potential to assign some level of risk based on this.

Similar Techniques for Other Tactics

TacticArticle
Adversary OPSECDynamic DNS
Establish & Maintain InfrastructureDynamic DNS