Amazon Route 53 Resolver DNS Firewall adds protection against Dictionary-based DGA attacks

Posted on: Nov 17, 2025

Starting today, you can enable Route 53 Resolver DNS Firewall Advanced to monitor and block queries associated with Dictionary-based Domain Generation Algorithm (DGA) attacks, which generate domain names by pseudo-randomly concatenating words from a predefined dictionary, creating human-readable strings that evade detection.

Route 53 DNS Firewall Advanced is an offering on Route 53 DNS Firewall that lets you monitor and block your DNS traffic in real time based on anomalies identified in the domain names being queried from your VPCs. It includes protections for DNS tunneling and DGA attacks. With this launch, you can also enforce protections against Dictionary-based DGA attacks, a variant of the DGA attack in which domain names are generated to mimic and blend in with legitimate domain names in order to resist detection. To get started, configure one or more DNS Firewall Advanced rules, specifying Dictionary DGA as the threat to be inspected. Then add the rules to a DNS Firewall rule group and enforce it on your VPCs by associating the rule group with each desired VPC, either directly or by using Amazon Firewall Manager, Amazon Resource Access Manager (RAM), Amazon CloudFormation, or Route 53 Profiles.
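The following added example (not AWS code, and not how DNS Firewall Advanced detects anything) illustrates why dictionary-based names slip past a character-entropy heuristic that catches random-looking DGA names, and how a word-segmentation check sees them. The word list, thresholds, and sample domains are constructed assumptions.

```python
import math
from collections import Counter

# Constructed word list (assumption); a real detector would use a large dictionary.
WORDS = {"river", "table", "green", "cloud", "stone",
         "paper", "light", "market", "house", "silver"}


def shannon_entropy(label: str) -> float:
    """Bits per character of the label's character distribution."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def segment(label: str, words=WORDS):
    """Return the fewest dictionary words that exactly tile the label, or None."""
    best = {0: []}  # position -> shortest word list covering label[:position]
    for end in range(1, len(label) + 1):
        for start in range(end):
            piece = label[start:end]
            if start in best and piece in words:
                cand = best[start] + [piece]
                if end not in best or len(cand) < len(best[end]):
                    best[end] = cand
    return best.get(len(label))


def classify(fqdn: str, entropy_threshold: float = 3.5, min_words: int = 3) -> str:
    """Label the leftmost DNS label; thresholds are illustrative assumptions."""
    label = fqdn.lower().rstrip(".").split(".")[0]
    parts = segment(label)
    if parts and len(parts) >= min_words:
        return "dictionary-like"   # several whole words glued together
    if shannon_entropy(label) >= entropy_threshold:
        return "random-like"       # classic high-entropy DGA shape
    return "unflagged"


if __name__ == "__main__":
    # Constructed sample queries, not observed indicators.
    for name in ("xk9q2vjz7p1lmw4t.example", "riverstonepaper.example",
                 "greenhouse.example", "console.example"):
        label = name.split(".")[0]
        print(f"{name:28} entropy={shannon_entropy(label):.2f} -> {classify(name)}")
```

Legitimate names also concatenate words, which is why such names blend in; the `min_words` cut-off here is a crude stand-in and would produce false positives on real traffic.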

To learn more about the new capabilities and the pricing, visit the Route 53 webpage and the Route 53 pricing page. To get started, visit the Route 53 documentation.