Comment by afandian

1 day ago

I can see a future where Cloudflare or similar offer a DNS + proxy + Root CA combo to intercept these. Maybe they already do.

If I’m remembering correctly, Conficker was the first major use of this technique. They used a relatively small domain pool (250) so the registries were able to lock them up preemptively.

I remember a couple legitimate sites getting slammed by accidental DDOS because the algorithm happened to generate their domain, but having a hard time finding a reference to that.

https://en.m.wikipedia.org/wiki/Conficker

That might work for the current generation of bots, but it will become infeasible when the domain names are generated in such a way that they overlap with spellable and existing domain names.

  • > it will become infeasible when the domain names are generated in such a way that they overlap with spellable and existing domain names.

    And why do you believe this will even happen?