Re: On-going Internet Emergency and Domain Names (kill this thread)

• From: william(at)elan.net
• Date: Sun Apr 01 01:37:42 2007

I'm prepared to concede, despite your previous history, that there
may well be an actual issue (as there are an awful lot of hideously ugly
corners with both DNS the protocol and domain reigsitration the
policy), but you're being incredibly bad at communicating what
you actually think it is.

He's talking about when DNS protocol is used to either control or
serve as main entry into a botnet (i.e. domain points to various
servers on botnet and quickly changes among them). Previously a
lot of that was (still is?) done using IRC and it generally offers
more superior tools but rudimentary control can be done with DNS
quite easily and unlike IRC or higher-end ports that enterprise
firewalls know quite well how to block, dns protocol is almost
always available from any computer and it also has great way of
providing  externally reliable reference to unify thousands of
botnet computers. But DNS here is just a tool, bad guys could
easily build quite complex system of control by using active HTTP
such as XML-RPC, they are just not that sophisticated (yet) or
maybe they don't need anything but simple list of pointers.

--
William Leibzon
Elan Networks
[email protected]

• Follow-Ups:
  • Re: On-going Internet Emergency and Domain Names (kill this thread) Roland Dobbins

• References:
  • Re: On-going Internet Emergency and Domain Names (kill this thread) Gadi Evron
  • Re: On-going Internet Emergency and Domain Names (kill this thread) Steve Atkins

• Prev by Date: Re: On-going Internet Emergency and Domain Names
• Next by Date: Re: On-going Internet Emergency and Domain Names
• Date Index
• Thread Index
• Author Index
• Historical