funsec mailing list archives

Re: Botnet pioneer is only 19??!!!


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 01 Jul 2008 11:50:31 +1200

Randy wrote:

<<snip>>
"Fast-Flux", it's called. Who on this list is up to date on this? I
would be interested in understanding this if this is what we have to
fight.
I have been asleep in this area. I'm googling now but links are welcomed!

Fast-flux is well over two years old and has been the source of a deal of 
trouble in the incident-response community because of the total lack of 
clue so many registrars have of this technique.  Nuking a fluxing domain 
primarily depends on killing the domain(s) of the DNS, and getting 
(clueless) registrars to kill domains that appear to be (purely) for the 
provision of DNS services can be a real battle, even when the only 
domains being serviced by those DNS domains are domains in every URL 
blocklist.

Ohhhh, and it certainly hasn't been helped by _TOTALLY_ clueless moves 
such as ICANN's purely evil-assisting "domain tasting" idiocy...


Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

