APIs Used by Bots to Detect Public IP address, (Mon, Feb 6th)
Malware Analysis, News and Indicators - Latest topics malware.news
Many of the bots I am observing attempt to detect the infected system’s public (“WAN”) IP address. Most of these systems are assumed to be behind NAT. To detect the external IP address, these bots use various public APIs. It may be helpful to detect these requests. Many use unique host names. This will make detecting the request in DNS logs easy even if TLS is not intercepted.
Article Link: https://isc.sans.edu/diary/rss/29516
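One way to run the DNS-log check described above, as an added example that is not part of the original diary. It assumes dnsmasq-style query logs and a starter watchlist of well-known public IP-lookup hostnames; neither the hostnames nor the sample log lines come from the page.

```python
from collections import defaultdict

# Assumption: a starter watchlist of well-known public "what is my IP" services.
# The page names no hosts; extend this list from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "checkip.dyndns.org", "ip-api.com",
}

# Constructed sample in dnsmasq query-log style (not real traffic).
SAMPLE_LOG = """\
Feb  6 10:00:01 dnsmasq[411]: query[A] www.example.com from 10.0.0.5
Feb  6 10:00:02 dnsmasq[411]: query[A] api.ipify.org from 10.0.0.23
Feb  6 10:00:02 dnsmasq[411]: reply api.ipify.org is 192.0.2.10
Feb  6 10:00:09 dnsmasq[411]: query[AAAA] API.IPIFY.ORG. from 10.0.0.23
Feb  6 10:01:30 dnsmasq[411]: query[A] ipv4.icanhazip.com from 10.0.0.23
Feb  6 10:02:00 dnsmasq[411]: query[A] checkip.amazonaws.com from 10.0.0.7
Feb  6 10:02:05 dnsmasq[411]: query[A] noticanhazip.com from 10.0.0.5
"""


def is_ip_lookup(name):
    """True if name is a watchlisted host or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def parse_query(line):
    """Return (client, qname) for a 'query[TYPE] name from client' line."""
    parts = line.split()
    for i, tok in enumerate(parts):
        if tok.startswith("query[") and parts[i + 2:i + 3] == ["from"] and len(parts) > i + 3:
            return parts[i + 3], parts[i + 1]
    return None


def find_lookups(log_text):
    """Map each client IP to the sorted IP-lookup names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_query(line)
        if parsed and is_ip_lookup(parsed[1]):
            hits[parsed[0]].add(parsed[1].lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_lookups(SAMPLE_LOG).items():
        print(f"{client} resolved IP-lookup hosts: {', '.join(names)}")
```

Legitimate software also queries these services, so treat a hit as a lead to correlate with other host activity.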