North American Network Operators Group


Re: On-going Internet Emergency and Domain Names (kill this thread)

  • From: Roland Dobbins
  • Date: Sun Apr 01 02:26:39 2007



On Mar 31, 2007, at 11:16 PM, william(at)elan.net wrote:

> But DNS here is just a tool, bad guys could
> easily build a quite complex system of control by using active HTTP
> such as XML-RPC, they are just not that sophisticated (yet) or
> maybe they don't need anything but a simple list of pointers.

Actually, the discussion isn't about the use of the DNS protocol itself as a botnet C&C channel (as you indicate, that's certainly doable), but rather about domains used as pointers to malware which is then distributed via various methods, same for phishing, as well as the use of DNS to provide server agility for botnet controllers irrespective of the actual protocol used for C&C.


-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // 408.527.6376 voice

Words that come from a machine have no soul.

-- Duong Van Ngo