
DoH malware - how do we protect against these threats?


Some of you might have read recently about some malware that leverages DoH:

https://www.techspot.com/news/80791-meet-godlua-first-known-malware-leverages-dns-over.html

So we're all asking ourselves here, what next? How do we protect against this? You can't just block port 443.

Are we going to have to rely on firewalls to do HTTPS inspection and look for "dodgy" DNS queries embedded inside the HTTPS data stream? That sounds VERY expensive to me.

We have to find a way to protect organisations from this threat; at the moment it seems to rely on ensuring all your browsers have DoH disabled, but how do you enforce that across the myriad of browsers and devices inside organisations these days?

Unless I am missing something, it feels like the genie has been let out of his bottle, and I have no idea how to get him back in!

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE