On Fri, 30 Mar 2007, Jeff Shultz wrote:
>
> So, is there a list of domains that we could null-route
if we could
> convince our DNS managers to set us up as the SOA for
those domains on
> our local DNS servers - thus protecting our own
customers somewhat?
>
> I won't discount the assertion that there is some sort
of emergency
> occurring. I would however, like to see a bit of a
reference to where we
> can learn more about what is going on (I assume this is
the javascript
> exploit I heard about a couple days ago).
I'm afraid disclosing these URLs at this time is not wise.
The SANS ISC
released strings from them which would help you mitigate.
This email is about the problem with the current incident
(which is being
handled) as the latest example of a situation going bad.
Thanks,
Gadi.
|
