Passive DNS replication is a technology which constructs zone replicas without cooperation from zone administrators, based on captured name server responses. The main idea behind passive DNS is as follows: Inter-server DNS messages are captured by sensors and forwarded to a collection point for analysis. After being processed, individual DNS records are stored in a database where they can be indexed and queried. Passive DNS may be very useful in malware investigations as it may help researchers in discovering network infrastructure operated by the same group of criminals, other domains being used to distribute a given malware variant, algorithm-governed C&C communication points, etc.

Link: VirusTotal
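The storage and query stage described above, as an added example that is not code from the original page or from any passive DNS service. It assumes sensors have already reduced captured responses to `(timestamp, name, type, data)` tuples; the table layout, function names and sample observations are constructed for illustration.

```python
import sqlite3

# Constructed sensor output: (unix_ts, rrname, rrtype, rdata) taken from
# captured answers. Names and addresses are reserved documentation values.
OBSERVATIONS = [
    (1700000000, "update.example.net.", "A", "192.0.2.10"),
    (1700003600, "cdn.example.org.", "A", "192.0.2.10"),
    (1700007200, "Update.Example.NET.", "A", "192.0.2.10"),
    (1700010800, "update.example.net.", "A", "198.51.100.7"),
    (1700014400, "mail.example.com.", "A", "198.51.100.7"),
    (1700018000, "www.example.org.", "A", "203.0.113.5"),
]

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE pdns (
        rrname TEXT, rrtype TEXT, rdata TEXT,
        first_seen INTEGER, last_seen INTEGER, count INTEGER,
        PRIMARY KEY (rrname, rrtype, rdata))""")
    db.execute("CREATE INDEX by_rdata ON pdns (rdata)")  # for reverse lookups
    return db

def ingest(db, observations):
    """Collapse repeated sightings into one row per (name, type, data)."""
    for ts, name, rrtype, rdata in observations:
        key = (name.rstrip(".").lower(), rrtype.upper(), rdata)  # DNS names are case-insensitive
        db.execute("INSERT OR IGNORE INTO pdns VALUES (?,?,?,?,?,0)", key + (ts, ts))
        db.execute("""UPDATE pdns SET first_seen = min(first_seen, ?),
                      last_seen = max(last_seen, ?), count = count + 1
                      WHERE rrname = ? AND rrtype = ? AND rdata = ?""", (ts, ts) + key)

def history(db, name):
    """Every value a name has resolved to, with first/last seen and hit count."""
    return db.execute("""SELECT rdata, first_seen, last_seen, count FROM pdns
                         WHERE rrname = ? ORDER BY first_seen""",
                      (name.rstrip(".").lower(),)).fetchall()

def related_names(db, name):
    """Pivot: other names seen on any address this name has used."""
    return [r[0] for r in db.execute("""SELECT DISTINCT b.rrname FROM pdns a
        JOIN pdns b ON a.rdata = b.rdata AND b.rrname != a.rrname
        WHERE a.rrname = ? ORDER BY b.rrname""", (name.rstrip(".").lower(),))]

if __name__ == "__main__":
    db = open_store()
    ingest(db, OBSERVATIONS)
    print(history(db, "update.example.net"))
    print(related_names(db, "update.example.net"))
```

Shared hosting and CDNs put unrelated names on the same address, so a pivot result is a lead to verify, not proof of common ownership.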
