본문 바로가기

KrCERT/CC

close

KrCERT/CC

KOR

close

For Corperations & Entities

Home What We Do For Corperations & Entities DNS sinkhole

Corporate services introduction Home

MyServer Caregiver

Security vulnerability check

Diagnose SW development security

Reinforce the security of SME homepages

Cyber Threat Analysis & Sharing (C-TAS) System

Mock training to respond to cyber crises

Cyber security regular training platform

What is a DNS sinkhole? Service Home

This service blocks the connection between the malicious bot and the hacker's command/control server to prevent the hacker from controlling the PC infected by the malicious bot.

Service targets

Support Targets
- Private organization that operates its own DNS server

Service details

Before applying DNS sinkhole

Before applying DNS sinkhole(1. Request bot command/control server IP address, 2. Forward the bot command/control server IP address, 3. Access to malicious bot infection system command/control server, 4. Sending Malicious Commands

After applying DNS sinkhole

After applying DNS sinkhole(1. Request bot command/control server IP address, 2. Sinkhole IP address forwarding, 3. Connection with hackers is blocked and malicious commands are not delivered

When a malicious bot attempts to connect to a hacker's command/control server, it bypasses the KISA sinkhole server and prevents it from receiving the hacker's malicious command.
※ When a malicious bot uses a domain among command/control server identification information (domain, IP address), this is a method of changing the response IP address to a sinkhole server.

Top