Overcoming the Challenges of Detecting P2P Botnets on Your Network

Posted on Oct 13 2020 - 3:52pm by Newsfeed


One of the first countermeasures taken by botnet operators to address the architectural weaknesses involved relying on so-called bulletproof hosting. In layman’s terms, it meant finding a hosting provider willing to turn a blind eye to client activity.

A second, often complementary solution involved using Domain Generating Algorithms (DGAs) as failsafes for situations where the C&C became unreachable. This technique consisted of embedding an algorithm within the bot to generate a series of domains that the malware would attempt to contact. The operator of the botnet only needed to register one of these domains and make it accessible to the bots.
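Because only one of the generated domains is registered, an infected host's DNS traffic typically shows a run of failed lookups for random-looking names, sometimes followed by one that resolves. The following detection sketch is an added example, not code from the original article; the log format, sample lines and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log, one query per line: "<client_ip> <name> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 tyop.example.net NXDOMAIN
10.0.0.9 xkqzvbtrwmpl.com NXDOMAIN
10.0.0.9 qpwjzrkvhtxm.net NXDOMAIN
10.0.0.9 vhzqkxwpjrtb.org NXDOMAIN
10.0.0.9 zrtkqwxvbpmh.com NXDOMAIN
10.0.0.9 bwqxkzjvrtpm.info NOERROR
10.0.0.9 www.example.org NOERROR
"""

def registered_label(name):
    # Simplification: take the label left of the TLD (ignores suffixes like co.uk).
    parts = name.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def entropy(s):
    # Shannon entropy in bits per character.
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def looks_generated(name, min_len=10, min_entropy=3.0):
    # Assumed thresholds; tune against your own traffic, since some
    # legitimate CDN and tracking hostnames also look random.
    label = registered_label(name)
    return len(label) >= min_len and entropy(label) >= min_entropy

def find_dga_hosts(log_text, min_failures=3):
    """Return clients with many distinct failed lookups of random-looking names,
    plus any such names that did resolve (candidate rendezvous domains)."""
    failed, resolved = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not looks_generated(fields[1]):
            continue
        client, name, rcode = fields
        if rcode == "NXDOMAIN":
            failed[client].add(name)
        elif rcode == "NOERROR":
            resolved[client].add(name)
    return {c: {"failed": sorted(n), "resolved": sorted(resolved[c])}
            for c, n in failed.items() if len(n) >= min_failures}

if __name__ == "__main__":
    for host, hits in find_dga_hosts(SAMPLE_LOG).items():
        print(host, len(hits["failed"]), "failed lookups; resolved:", hits["resolved"])
```

A single mistyped lookup, such as the one from 10.0.0.5, does not trigger the rule because it is neither random-looking nor repeated.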
