Dailydave mailing list archives

Re: Beyond Fast Flux


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sat, 15 Dec 2007 02:44:30 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Brandon Enright <bmenrigh () ucsd edu> wrote:

> If you're going to attack something you should back your argument up
> with a little evidence.  The C&C methods mentioned in the paper are:
>
> * IRC
> * HTTP to single server
> * Fast-Flux of DNS Servers
> * Storm P2P protocols
> * PINK
>
> About the only thing they missed was DHT, which is arguably covered by
> Storm.
>
> PINK is a good idea.  If it really is light-years behind the criminals,
> show us the papers, presentations, and discussions of more advanced C&C.
> If your argument is that PINK is primitive or that it won't work,
> respond with a paper, a countermeasure, or at the very least a detailed
> email of possible flaws in it.  C'mon, Gadi, you know better.


What about Open DNS resolvers, using double-flux, combined with the
Storm Overnet?

:-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHYz+Nq1pz9mNUZTMRAv6HAJ9ImdXXvj2bFKn3g45Mo236RjAF3QCg8ohH
yTozjLY3oGFre6ntmOtKwQs=
=8fSS
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

