Sinkholing is the redirection of traffic from its original destination to one specified by the sinkhole owners. The altered destination is known as the sinkhole. (The name is a reference to a physical sinkhole, into which items apparently disappear.)
Sinkholes can be used for good or ill intent. Most commonly, sinkholes are used to redirect zombies in a botnet to specified research machines to capture data about them.
When you have tons of leftovers you put them in Tupperware. When you have an excess of phone calls, you send them to voicemail. And when you have a deluge of junk from a botnet attacking your network, you put all that malicious traffic into a sinkhole. Sinkholing is a technique for manipulating data flow in a network; you redirect traffic from its intended destination to the server of your choosing. It can be used maliciously, to steer legitimate traffic away from its intended recipient, but security professionals more commonly use sinkholing as a tool for research and reacting to attacks. When bots in a botnet phone home to their command and control server, for instance, you might sinkhole the domain they reach out to, diverting the requests so that you can monitor activity on the botnet, track the IP addresses contacting the domain, or neuter it so the bots can’t receive commands.

Engaging post.
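The defensive use described above (divert the bots' C2 lookups to a server you control and record which internal hosts keep asking) can be sketched as a small resolver policy. The following is an added example written for this page, not code from the quoted article or from any sinkhole product; the C2 domain `c2.example.invalid`, the client addresses, the sinkhole address `192.0.2.1` and the query log are all constructed placeholders, and `fake_upstream` stands in for a real recursive lookup.

```python
# Added example (not from the page): a toy DNS sinkhole policy with the reporting
# a defender wants from it, i.e. which internal hosts keep asking for the C2 domain.
# Domain names, IP addresses and the query log below are constructed placeholders.
from collections import Counter, defaultdict
import ipaddress

SINKHOLE_IP = "192.0.2.1"  # TEST-NET-1 (RFC 5737) address, constructed placeholder


class DnsSinkhole:
    """Answer queries for sinkholed domains with a server we control, and record who asked."""

    def __init__(self, sinkholed_domains, sinkhole_ip=SINKHOLE_IP):
        # Normalise to lower case without a trailing dot so matching is case-insensitive.
        self.sinkholed = {d.rstrip(".").lower() for d in sinkholed_domains}
        self.sinkhole_ip = sinkhole_ip
        # zone -> Counter of client IPs that queried it (the "track the IPs" part).
        self.hits = defaultdict(Counter)

    def match(self, qname):
        """Return the sinkholed zone covering qname (exact match or subdomain), or None."""
        name = qname.rstrip(".").lower()
        for zone in self.sinkholed:
            if name == zone or name.endswith("." + zone):
                return zone
        return None

    def resolve(self, client_ip, qname, upstream):
        """Return the A answer: the sinkhole address for diverted names, else upstream's answer."""
        client_ip = str(ipaddress.ip_address(client_ip))  # reject garbage before logging it
        zone = self.match(qname)
        if zone is None:
            return upstream(qname)
        self.hits[zone][client_ip] += 1
        return self.sinkhole_ip

    def infected_hosts(self, zone):
        """Client IPs that contacted a sinkholed zone, most frequent first."""
        return [ip for ip, _ in self.hits[zone.rstrip(".").lower()].most_common()]


# Constructed resolver query log: "<timestamp> <client ip> <query name> <type>"
QUERY_LOG = """\
2024-05-01T10:00:01 10.0.0.5 c2.example.invalid A
2024-05-01T10:00:02 10.0.0.7 www.example.org A
2024-05-01T10:00:03 10.0.0.5 c2.example.invalid A
2024-05-01T10:00:04 10.0.0.9 update.c2.example.invalid A
2024-05-01T10:00:05 10.0.0.5 C2.EXAMPLE.INVALID. A
"""


def fake_upstream(qname):
    """Stand-in for a real recursive lookup; always answers one constructed address."""
    return "198.51.100.10"  # TEST-NET-2, constructed placeholder


def replay_log(log_text, sinkhole):
    """Feed each logged query through the sinkhole; return (client, qname, answer) tuples."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        results.append((client, qname, sinkhole.resolve(client, qname, fake_upstream)))
    return results


def report(log_text=QUERY_LOG):
    """Run the log through a sinkhole for the constructed C2 zone and summarise the hits."""
    sink = DnsSinkhole(["c2.example.invalid"])
    answers = replay_log(log_text, sink)
    diverted = sum(1 for _, _, answer in answers if answer == sink.sinkhole_ip)
    return {
        "diverted_queries": diverted,
        "infected_hosts": sink.infected_hosts("c2.example.invalid"),
        "hits_per_host": dict(sink.hits["c2.example.invalid"]),
    }


if __name__ == "__main__":
    print(report())
```

The subdomain match matters in practice: bots frequently prepend changing labels to the registered C2 domain, so a policy that only matches the exact name would let most of the phone-home traffic through. On the reporting side, the per-host hit counts are the list a responder takes to the owners of `10.0.0.5` and `10.0.0.9`; the sinkhole answer itself is what "neuters" the bots, since the address they receive never issues commands.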
thumbnail courtesy of wired.com
If you would like to receive more of these curated news alerts, subscribe to my mailing list.