funsec mailing list archives
Re: idea
From: Valdis.Kletnieks () vt edu
Date: Thu, 01 Jan 2009 21:37:38 -0500
On Wed, 31 Dec 2008 21:58:57 CST, RandallM said:
Symantec is and always will be "www.symantec.com", as with other sites. they are blocked by malware infections (in various ways that I would love to understand more). If there were "server" around the globe open with online scanners and tools that rotated with DNS and or IP addressing the malware could not block it. Can this be done with a revolving network of servers from volunteers?
The basic flaw here is that we're stuck with trying to get to "www.symantec.com". And if we're able to look up that name and find it, malware can look up that name, find it, and block it. (Note that even renaming the site every hour doesn't help, because then you need an algorithm for figuring out what the name is *now* - and if you have the algorithm, the malware has it too...) A much better idea is just hardening the damned box so the malware isn't able to get in the way of your DNS lookup and other similar games.
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: idea Matt Jonkman (Jan 01)