nanog mailing list archives
Re: On-going Internet Emergency and Domain Names (kill this thread)
From: "william(at)elan.net" <william () elan net>
Date: Sat, 31 Mar 2007 22:16:08 -0800 (PST)
On Sat, 31 Mar 2007, Steve Atkins wrote:
I'm prepared to concede, despite your previous history, that there may well be an actual issue (as there are an awful lot of hideously ugly corners with both DNS the protocol and domain reigsitration the policy), but you're being incredibly bad at communicating what you actually think it is.
He's talking about when DNS protocol is used to either control or serve as main entry into a botnet (i.e. domain points to various servers on botnet and quickly changes among them). Previously a lot of that was (still is?) done using IRC and it generally offers more superior tools but rudimentary control can be done with DNS quite easily and unlike IRC or higher-end ports that enterprise firewalls know quite well how to block, dns protocol is almost always available from any computer and it also has great way of providing externally reliable reference to unify thousands of botnet computers. But DNS here is just a tool, bad guys could easily build quite complex system of control by using active HTTP such as XML-RPC, they are just not that sophisticated (yet) or maybe they don't need anything but simple list of pointers. -- William Leibzon Elan Networks william () elan net
Current thread:
- On-going Internet Emergency and Domain Names Gadi Evron (Mar 30)
- Re: On-going Internet Emergency and Domain Names alex (Mar 31)
- Re: On-going Internet Emergency and Domain Names Valdis . Kletnieks (Mar 31)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 31)
- Re: On-going Internet Emergency and Domain Names alex (Mar 31)
- Re: On-going Internet Emergency and Domain Names Adrian Chadd (Mar 31)
- Re: On-going Internet Emergency and Domain Names Allen Parker (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Patrick Giagnocavo (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Gadi Evron (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Steve Atkins (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) william(at)elan.net (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Roland Dobbins (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Patrick Giagnocavo (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Patrick Giagnocavo (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Jeff Shultz (Mar 31)
- Re: On-going Internet Emergency and Domain Names (kill this thread) Petri Helenius (Mar 31)
- Re: On-going Internet Emergency and Domain Names alex (Mar 31)
- <Possible follow-ups>
- Re: On-going Internet Emergency and Domain Names Fergie (Mar 30)
- Re: On-going Internet Emergency and Domain Names Jeff Shultz (Mar 30)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Mar 30)
- Re: On-going Internet Emergency and Domain Names Steven M. Bellovin (Mar 30)
- Re: On-going Internet Emergency and Domain Names Matt Ghali (Mar 31)
- Re: On-going Internet Emergency and Domain Names Jeff Shultz (Mar 30)