funsec mailing list archives
Re: [Full-disclosure] stupid question again
From: RandallM <randallm () fidmail com>
Date: Fri, 11 Dec 2009 20:51:12 -0600
On Fri, Dec 11, 2009 at 8:29 PM, <Valdis.Kletnieks () vt edu> wrote:
On Fri, 11 Dec 2009 20:00:34 CST, RandallM said:i am so sorry. I just don't understand this. Computer is infected. userhasDNS redirects to any and all site for help. Why can't the good guys usesometype of fast flux or url obfuscation to hide help standalone software to down load and use?Hint - if you can find it, or the good guys software can find it, the bad guys software can *also* find it and disable the queries. Sure, if www.mcafee.com is really 1234dd432423.wdfasdf241234edre.com, but only till midnite, then you need to look at 3343edrewerwer.13421343.com that's not going to help you get your machine disinfected, is it? Heck - the bad guys don't even need to know how it's generated - they can get a pretty good idea by just tapping into the DNS resolver library and looking for obfuscated names they don't fast-flux themselves. Just tossing out www.anything, mail.anything, and maybe 3-4 others, and you're looking at a pretty damned good filter for the good-guys fast-flux sites.
GAWD I hate it when you all "might be right". But I still believe cause I care. -- been great, thanks a.k.a System
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- stupid question again RandallM (Dec 11)
- Re: [Full-disclosure] stupid question again Valdis . Kletnieks (Dec 11)
- Re: [Full-disclosure] stupid question again RandallM (Dec 11)
- Message not available
- Re: [Full-disclosure] stupid question again RandallM (Dec 11)
- Re: [Full-disclosure] stupid question again Valdis . Kletnieks (Dec 11)