
Thread: Re: On-going Internet Emergency and Domain Names




Re: On-going Internet Emergency and Domain Names
United States
2007-03-31 09:18:04
On Sat, 31 Mar 2007 alexpilosoft.com wrote:
> OK, so, do you officially declare the emergency? Should we all block the

This is an emergency incident on the scale of WMF, but no, it is indeed
being handled. I am raising the flag on an ever increasing problem with
DNS.

This latest incident illustrates some of our operational problems with the
security of the Internet.

> domains listed on http://isc.sans.org/, is that an authoritative site of
> botnet hunters? If so, there are a couple of surprises for you.
> baidu.com listed there is a Chinese equivalent of google, who'd get very
> upset if its domain name got "revoked". Similarly, alexa.com.
>
> There needs to be due process for these actions. And once we close this
> vector, I'm sure that botnets will simply migrate away from DNS to some
> other protocol.

You shouldn't confuse TCP/IP for the control channel of the botnets which
is IRC, HTTP, etc.

DNS is not going anywhere, patch for the hosts file or not.

> 
> 
> -alex
> 


Re: On-going Internet Emergency and Domain Names
United States
2007-03-31 09:24:04
On Sat, 31 Mar 2007, Gadi Evron wrote:

> > domains listed on http://isc.sans.org/, is that an authoritative site
> > of botnet hunters? If so, there are a couple of surprises for you.
> > baidu.com listed there is a Chinese equivalent of google, who'd get
> > very upset if its domain name got "revoked". Similarly, alexa.com.
> >
> > There needs to be due process for these actions. And once we close
> > this vector, I'm sure that botnets will simply migrate away from DNS
> > to some other protocol.
> 
> You shouldn't confuse TCP/IP for the control channel of the botnets
> which is IRC, HTTP, etc.

I'm not sure I understand your point. Intarweb Storm Center listed a
number of domain names "involved in these attacks", presumably so the
registrars/registries pull the DNS records. I am pointing out that at
least two of the ones listed are innocent.

What does TCP/IP or IRC or HTTP have to do with anything?

> DNS is not going anywhere, patch for the hosts file or not.

Glad you understand that.


Re: On-going Internet Emergency and Domain Names
Australia
2007-03-31 09:45:15
On Sat, Mar 31, 2007, Gadi Evron wrote:
> 
> On Sat, 31 Mar 2007 alexpilosoft.com wrote:
> > OK, so, do you officially declare the emergency? Should we all block the
> 
> This is an emergency incident on the scale of WMF, but no, it is indeed
> being handled. I am raising the flag on an ever increasing problem with
> DNS.

One could argue it's an ever increasing problem with IP.

> This latest incident illustrates some of our operational problems with the
> security of the Internet.

Again; one could argue it's also an increasing problem with IP. I wonder if
anyone can come up with methods of solving this at the IP layer..

> > There needs to be due process for these actions. And once we close this
> > vector, I'm sure that botnets will simply migrate away from DNS to some
> > other protocol.
> 
> You shouldn't confuse TCP/IP for the control channel of the botnets which
> is IRC, HTTP, etc.
>
> DNS is not going anywhere, patch for the hosts file or not.

And I'm sure they'll migrate away from DNS when it becomes inconvenient.

I'm still pleasantly surprised how many organisations spend large amounts of
money controlling what comes in and almost never try to handle what goes -out-.





Adrian

