What is Sinkholing and How Does It Protect Against Security Threats?
July 11th, 2016


Bill Gaskill


A sinkhole is a method of redirecting specific IP network traffic for security reasons. Traffic is redirected in order to analyze it, detect abnormal activity and prevent malware attacks. Network administrators use sinkholes to keep attacks away from the systems and data they are meant to protect.

Sinkhole owners intentionally direct malicious traffic to their decoy servers. Once the traffic is in the sinkhole, it can no longer hurt its intended targets, and it can be analyzed to reveal the source of the attack and how the attack occurred. Darknets and honeynets are two kinds of sinkhole decoy servers designed to neutralize botnets.

What is a botnet?

Botnets are a well-known security threat to both business and personal computers. A botnet, or zombie army, is a group of infected computers that forward malicious traffic to other computers on the internet. The botnet malware infects the computers and places them under the control of the cyber criminal, who can then use them for his or her own, usually nefarious, purposes.

Sinkholing protects against the botnet threat by redirecting the infected machines' traffic to a decoy server.

Computer owners who fail to use the appropriate firewalls and/or sinkholes risk having their computer co-opted to serve in a zombie army.

How does sinkholing disable the botnet?

Sinkholing can disable both the botnet and the compromised endpoints. Security experts use decoys such as a honeynet or darknet to entrap potential hackers. These servers gather information on how the malware works, reveal its source and show how to disable it effectively. Once the botnet is discovered and its traffic analyzed, sinkhole operators can determine the source of its commands.

Sinkholing takes control of the hacker's command center, which makes it possible to determine what data was compromised. This information helps security specialists quickly identify the impact and decide how to respond. One such response is to change the DNS servers so that all traffic for the command domains is redirected to the sinkhole.
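The DNS-based redirection described above, as an added example that is not part of the original article: a resolver answers lookups of known command-and-control domains (and their subdomains) with the sinkhole's address instead of the real one, and records which client asked, so the network owner gets a list of machines that need cleaning. The domain names and addresses are constructed for the example.

```python
"""Minimal DNS sinkhole decision logic plus a report of likely-infected hosts."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

SINKHOLE_IP = "192.0.2.1"  # constructed decoy address (TEST-NET-1 range)


@dataclass
class DnsSinkhole:
    blocked_domains: Set[str]              # known C2 domains, matched with subdomains
    sinkhole_ip: str = SINKHOLE_IP
    hits: Dict[str, Set[str]] = field(default_factory=lambda: defaultdict(set))

    def __post_init__(self) -> None:
        self.blocked_domains = {self.normalize(d) for d in self.blocked_domains}

    @staticmethod
    def normalize(name: str) -> str:
        # DNS names are case-insensitive and may carry a trailing root dot
        return name.rstrip(".").lower()

    def is_blocked(self, qname: str) -> bool:
        labels = self.normalize(qname).split(".")
        # check the name itself and every parent suffix, e.g. a.b.c -> a.b.c, b.c, c
        return any(".".join(labels[i:]) in self.blocked_domains for i in range(len(labels)))

    def resolve(self, client_ip: str, qname: str) -> Optional[str]:
        """Return the sinkhole address for a C2 lookup, None for a benign one."""
        if self.is_blocked(qname):
            self.hits[client_ip].add(self.normalize(qname))  # log the asking host
            return self.sinkhole_ip
        return None

    def infected_hosts(self) -> Dict[str, List[str]]:
        """Hosts that asked for a sinkholed domain, with the domains they asked for."""
        return {ip: sorted(doms) for ip, doms in self.hits.items()}


# Constructed query log: (client IP, queried name) as a resolver would see them.
SAMPLE_QUERIES = [
    ("10.0.0.5", "update.bad-c2.example."),
    ("10.0.0.5", "www.example.com."),
    ("10.0.0.9", "BAD-C2.EXAMPLE"),
    ("10.0.0.12", "mail.example.com."),
    ("10.0.0.9", "cdn.bad-c2.example."),
]


def run_sinkhole(queries=SAMPLE_QUERIES):
    sink = DnsSinkhole(blocked_domains={"bad-c2.example"})
    answers = [(ip, q, sink.resolve(ip, q)) for ip, q in queries]
    return answers, sink.infected_hosts()
```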

What is a Darknet?

Darknets originated in 2004. They are small file-sharing networks in which people connect only with users they trust. Darknets are also used to entrap malware.

A darknet is a powerful security tool: misconfigurations and malware scanning are easy to discover on it, because the websites on the darknet are anonymous and reaching them requires no special tools.

Because the number of users is limited, it is easy for a security expert or administrator to spot any unusual activity on the network. Normal browsers cannot open websites in the .onion domain, whose names are a string of random characters ending with the extension .onion. These websites are invisible to normal search engines and cannot be indexed on the internet. The original purpose of the hidden network was anonymous communication within the military, so that messages could be encrypted and kept secret.

What is a Honeynet?

A honeynet is a simulated computer network built from decoy servers and designed to test network security. Honeynets are developed to help computer security experts improve the security of networks and servers. Hackers routinely scan the internet's address space in search of poorly defended computers. A honeynet records the hacker's actions while keeping the user's real servers out of reach of the malware.

Final thoughts

Cyber security is crucial for anyone who owns a computer. Most people have heard of botnets but have no idea how to counteract them. Sinkholing is a simple technique for keeping your computer and information safe. The purpose of a sinkhole is to collect information about infected computers so that the network owner can remove the malware from them.
