|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Interesting new dns failures
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Chris L. Morrow" <[email protected]> wrote: >So, I think that what we (security folks) want is probably not to >auto-squish domains in the TLD because of NS's moving about at some rate >other than 'normal' but to be able to ask for a quick takedown of said >domain, yes? I don't think we'll be able to reduce false positive rates >low enough to be acceptable with an 'auto-squish' method :( Hi Chris, While I agree with you, there are many of us who know that these fast-flux hosts are malicious due to malware & malicious traffic analysis... I completely agree with you, however, on the issue of making assumptions that it will always be malicious -- of course, that will not always be the case. :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.1 (Build 1012) wj8DBQFGUd/7q1pz9mNUZTMRAigSAKDgooaGUsp+GT0sEYcEOivjY0afFwCfWmk6 EaWuXUl9W+3+uQEAEJ1c1SQ= =V6Mu -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
|