funsec mailing list archives

Re: idea


From: Valdis.Kletnieks () vt edu
Date: Thu, 01 Jan 2009 21:37:38 -0500

On Wed, 31 Dec 2008 21:58:57 CST, RandallM said:

> Symantec is and always will be "www.symantec.com", as with other sites. They
> are blocked by malware infections (in various ways that I would love to
> understand more). If there were "servers" around the globe open with online
> scanners and tools that rotated with DNS and/or IP addressing, the malware
> could not block it.
>
> Can this be done with a revolving network of servers from volunteers?

The basic flaw here is that we're stuck with trying to get to "www.symantec.com".
And if we're able to look up that name and find it, malware can look up that
name, find it, and block it.

(Note that even renaming the site every hour doesn't help, because then you
need an algorithm for figuring out what the name is *now* - and if you have the
algorithm, the malware has it too...)

A much better idea is just hardening the damned box so the malware isn't able
to get in the way of your DNS lookup and other similar games.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.