nanog mailing list archives

Re: On-going Internet Emergency and Domain Names


From: alex () pilosoft com
Date: Sat, 31 Mar 2007 10:24:04 -0400 (EDT)


On Sat, 31 Mar 2007, Gadi Evron wrote:

>> domains listed on http://isc.sans.org/, is that an authoritative site
>> of botnet hunters? If so, there are a couple of surprises for you.
>> baidu.com listed there is a Chinese equivalent of Google, who'd get
>> very upset if its domain name got "revoked". Similarly, alexa.com.
>>
>> There needs to be due process for these actions. And once we close
>> this vector, I'm sure that botnets will simply migrate away from DNS
>> to some other protocol.
>
> You shouldn't confuse TCP/IP for the control channel of the botnets
> which is IRC, HTTP, etc.

I'm not sure I understand your point. Intarweb Storm Center listed a
number of domain names "involved in these attacks", presumably so the
registrars/registries pull the DNS records. I am pointing out that at
least two of the ones listed are innocent.

What does TCP/IP or IRC or HTTP have to do with anything?

> DNS is not going anywhere, patch for the hosts file or not.

Glad you understand that.

