nanog mailing list archives

Re: On-going Internet Emergency and Domain Names

From: Hank Nussbacher <hank () efes iucc ac il>
Date: Sat, 31 Mar 2007 21:38:52 +0300 (IDT)


On Sat, 31 Mar 2007, Mikael Abrahamsson wrote:

On Sat, 31 Mar 2007, Gadi Evron wrote:
In this case, we speak of a problem with DNS, not sendmail, and not bind.
The argument can be made that you're trying to solve a windows-problem byimplementing blocking in DNS.
Next step would be to ask all access providers to block outgoing UDP/53 sopeople can't use open resolvers or machines set up to act as resolvers forcertain DNS information that the botnets need, as per the same analysis thatblocking TCP/25 stops spam.
So what you're trying to do is a pure stop-gap measure that won't scale inthe long run. Fix the real problem instead of trying to bandaid the symptoms.

IMHO, Windows will always have some 0-day appearing every quarter -whether it be in XP or Vista. Or it will be in Apache, or it will be inSendmail or it will be in some other app. So if taking a 10,000 footview, apps will always have 0-day holes that are abused. Nowadays, thelatest vector is fast-flux. I think that closing that vector via fastclosure of a particular domain name is something we should tackle. True,the baddies will find some other vector. But that doesn't mean we shouldignore this one.


-Hank


--
Mikael Abrahamsson    email: swmike () swm pp se

Current thread:

Re: On-going Internet Emergency and Domain Names, (continued)
- - - Re: On-going Internet Emergency and Domain Names Petri Helenius (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Stephen Satchell (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Adrian Chadd (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Adrian Chadd (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Petri Helenius (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
    - RE: On-going Internet Emergency and Domain Names michael.dillon (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Hank Nussbacher (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Paul Vixie (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Roland Dobbins (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Florian Weimer (Mar 31)
    - redirect (Re: On-going Internet Emergency and Domain Names ) Paul Vixie (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Paul Vixie (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Matt Ghali (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
    - Re: On-going Internet Emergency and Domain Names Jon R. Kibler (Mar 31)

(Thread continues...)