nanog mailing list archives
Re: Avalanche botnet takedown
From: Robert McKay <robert () mckay com>
Date: Fri, 02 Dec 2016 00:24:28 +0000
I'm just assuming this because it doesn't say anywhere, but given the context it seems likely to me that almost none of the 900000 domains were actually registered. It sounds more likely that they figured out how the domain generation algorithm works and instructed the registries to block out all the possible domains it could generate (preventing them from being registered in the future).. along with also going after the registrars to disable a much smaller number of domains that were actually currently registered.

Could be the 0.01% were the ones that were actually registered.

Rob

On 2016-12-01 21:06, Justin Paine via NANOG wrote:
> straight from the horse's mouth -- they said "99.99% of the 900,000
> domains" have been sinkholed.
>
> ____________
> Justin Paine
> Head of Trust & Safety
> Cloudflare Inc.
> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
>
> On Thu, Dec 1, 2016 at 1:02 PM, J. Hellenthal <jhellenthal () dataix net> wrote:
>> 99% ? That's a pretty high figure there.
>>
>> --
>> Onward!,
>> Jason Hellenthal,
>> Systems & Network Admin,
>> Mobile: 0x9CA0BD58,
>> JJH48-ARIN
>>
>> On Dec 1, 2016, at 14:56, Rich Kulawiec <rsk () gsp org> wrote:
>>> On Thu, Dec 01, 2016 at 05:34:26PM -0000, John Levine wrote:
>>>> [...] 800,000 domain names used to control it.
>>>
>>> 1. Which is why abusers are registrars' best customers and why
>>> (some) registrars work so very hard to support and shield them.
>>>
>>> 2. As an aside, I've been doing a little research project for a few
>>> years, focused on domains. I've become convinced that *at least* 99%
>>> of domains belong to abusers: spammers, phishers, typosquatters,
>>> malware distributors, domaineers, combinations of these, etc.
>>>
>>> In the last year, I've begun thinking that 99% is a serious
>>> underestimate. (And it most certainly is in some of the new gTLDs.)
>>>
>>> ---rsk