funsec mailing list archives
Re: Botnet pioneer is only 19??!!!
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 01 Jul 2008 11:50:31 +1200
Randy wrote: <<snip>>
"Fast-Flux", its called. Who on this list is up to date on this? I would be interested in understanding this if this is what we have to fight. I have been asleep in this area. I'm googling now but links are welcomed!
Fast-flux is well over two years old and has been the source of a deal of trouble in the incident-response community because of the total lack of clue so many registrars have of this technique. Nuking a fluxing domain primarily depends on killing the domain(s) of the DNS and getting (clueless) registrars to kill domains that appear to be (purely) for the provision of DNS services can be a real battle, even when the only domains being serviced by those DNS domains are domains in every URL blocklist. Ohhhh, and it certainly hasn't been helped by _TOTALLY_ clueless moves such as ICANN's purely evil-assisting "domain tasting" idiocy... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Botnet pioneer is only 19??!!! Randy (Jun 30)
- Re: Botnet pioneer is only 19??!!! David Watson (Jun 30)
- Re: Botnet pioneer is only 19??!!! Dave Dennis (Jun 30)
- Re: Botnet pioneer is only 19??!!! Nick FitzGerald (Jun 30)
- <Possible follow-ups>
- Re: Botnet pioneer is only 19??!!! Randy (Jun 30)
- Re: Botnet pioneer is only 19??!!! Dave Dittrich (Jun 30)