So if I can configure whatever IP I want, in theory I could build a simple website that informs the user what happened and informs them to contact desktop support?

Hello mario,

Building a simple website would not work to inform end users in the event of malicious software. The malicious software would generally make background calls, either for command and control or for payload delivery, and the end user would not see this traffic (unless they were browsing to a malicious site). A DNS sinkhole works by 'spoofing' the DNS server's response for malicious or unwanted hosts/domains. You configure it to return a false IP for these requests. When a user's machine requests to resolve a malicious address, the sinkhole returns a non-routable address. This would deny the client a connection. Logs would then indicate the source and destination of the sinkhole address.
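Added example, not part of the original thread: a sketch of how the logs mentioned in the reply can be used to find machines that tried to reach the sinkhole address and which sinkholed names they asked for. The sinkhole address `192.0.2.1`, the two comma-separated log layouts, and every host and domain name are constructed for illustration and do not correspond to any product's log format.

```python
import csv
from collections import defaultdict
from io import StringIO

SINKHOLE_IP = "192.0.2.1"  # assumed sinkhole address (documentation range), not from the thread

# Constructed DNS log: time, client, queried name, answer returned
DNS_LOG = """\
2024-05-01T09:00:01,10.1.1.23,updates.example.org,198.51.100.7
2024-05-01T09:00:05,10.1.1.23,c2.bad-domain.example,192.0.2.1
2024-05-01T09:00:09,10.1.1.40,cdn.example.net,198.51.100.9
2024-05-01T09:02:11,10.1.1.57,payload.bad-domain.example,192.0.2.1
2024-05-01T09:05:05,10.1.1.23,c2.bad-domain.example,192.0.2.1
"""

# Constructed traffic log: time, source, destination, destination port, action
TRAFFIC_LOG = """\
2024-05-01T09:00:06,10.1.1.23,192.0.2.1,443,deny
2024-05-01T09:00:10,10.1.1.40,198.51.100.9,443,allow
2024-05-01T09:02:12,10.1.1.57,192.0.2.1,80,deny
2024-05-01T09:05:06,10.1.1.23,192.0.2.1,443,deny
"""

def sinkholed_clients(dns_log, traffic_log, sinkhole_ip=SINKHOLE_IP):
    """Return {client: {"domains": set, "attempts": int}} for hosts that hit the sinkhole."""
    hits = defaultdict(lambda: {"domains": set(), "attempts": 0})
    # DNS side: which names were answered with the sinkhole address, and for whom
    for _ts, client, name, answer in csv.reader(StringIO(dns_log)):
        if answer == sinkhole_ip:
            hits[client]["domains"].add(name.lower().rstrip("."))
    # Traffic side: source of each connection attempt toward the sinkhole address
    for _ts, src, dst, _port, _action in csv.reader(StringIO(traffic_log)):
        if dst == sinkhole_ip:
            hits[src]["attempts"] += 1
    return dict(hits)

def report(hits):
    """One line per client, most connection attempts first."""
    ordered = sorted(hits.items(), key=lambda kv: (-kv[1]["attempts"], kv[0]))
    return [f"{c} attempts={h['attempts']} domains={','.join(sorted(h['domains'])) or '-'}"
            for c, h in ordered]

if __name__ == "__main__":
    print("\n".join(report(sinkholed_clients(DNS_LOG, TRAFFIC_LOG))))
```

A client that appears with connection attempts but no sinkholed domain reached the address without a matching DNS answer in the log window, which is worth checking separately.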