Негізгі мазмұнға өту

1 жазба тегпен"malware"

Барлық тегтерді қарау

zBLD vs. DGA — Detecting Algorithmically Generated Domains

· 2 мин. оқу
Yevgeniy Goncharov
Maintainer of OpenBLD.net

OpenBLD zBLD detection algorithm blocking DGA-generated domains

Malware and botnets use Domain Generation Algorithms (DGA) to generate hundreds or thousands of short-lived domains for communication with command-and-control infrastructure.

An attack example from real OpenBLD logs:

  • s-dfgfd-sdfz...zdssragv[.]mom
  • 96bccebb2f7e...wu7y6z[.]com
  • 60r...60pg0131[.]cc
  • and billions of similar domains.

Why are DGA domains harmful?

Beyond their malicious purpose, this chaotic DNS traffic pollutes resolver caches, increases CPU and I/O usage, and generates large volumes of low-value logs. At scale, it can cause higher resource consumption and degraded DNS performance.