Amazon Route 53 DNS Firewall adds protection against Dictionary-based DGA attacks

Starting today, you can enable Route 53 Resolver DNS Firewall Advanced to monitor and block queries associated with Dictionary-based Domain Generation Algorithm (DGA) attacks, that generate domain names by pseudo-randomly concatenating words from a predefined dictionary, creating human-readable strings to evade detection.

Route 53 DNS Firewall Advanced is an offering on Route 53 DNS Firewall that enables you to enforce protections to monitor and block your DNS traffic in real-time based on anomalies identified in the domain names being queried from your VPCs. These include protections for DNS tunneling and DGA attacks. With this launch, you can also enforce protections for Dictionary-based DGA attacks, which is a variant of the DGA attack, where domain names are generated to mimic and blend with legitimate domain names, to resist detection. To get started, you can configure one or multiple DNS Firewall Advanced rule(s), specifying Dictionary DGA as the threat to be inspected. You can add the rule(s) to a DNS Firewall rule group, and enforce it on your VPCs by associating the rule group to each desired VPC directly or by using AWS Firewall Manager, AWS Resource Access Manager (RAM), AWS CloudFormation, or Route 53 Profiles.

Route 53 Resolver DNS Firewall Advanced support for Dictionary DGA is available in all AWS Regions, including the AWS GovCloud (US) Regions. To learn more about the new capabilities and the pricing, visit the Route 53 Resolver DNS Firewall webpage and the Route 53 pricing page. To get started, visit the Route 53 documentation.

Categories: general:products/amazon-route-53,marketing:marchitecture/security-identity-and-compliance,marketing:marchitecture/networking,general:products/aws-govcloud-us

Source: Amazon Web Services

Latest Posts