North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Interesting new dns failures
- From: Suresh Ramasubramanian
- Date: Tue May 22 07:08:31 2007
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bHEsn3o59BAEO5NGQ56+cgbHngO1evK3fiWB3mNT6len7b9qtSc74R1yCB0bLRmVUoLhiLk7lbIA2kpLmoJjni1NtBQIIS1XKopz3KaYb9roulDVFfdiXXHvPibpicujGE7EzfntN4xAgK5w+ek0v7LSiSwerPYmyWxDao8HQMw=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=kQOn/6APhaAi7QCPQMx7+OuH+6TUPzPjNicm5s0LNIMluP8cPrh/1RZyavJJ9iKVALJylTA65JOnkBSsjwQmDLhCSpxec3hyoY32NZqR3bwEmXG5JE3zLPqDrHxutKL91/MYzDQa5h3SLfOr+YAyEjbPlkx+/WWiWAH6rg3T1Ac=
On 5/21/07, Chris L. Morrow <[email protected]> wrote:
So, I think that what we (security folks) want is probably not to
auto-squish domains in the TLD because of NS's moving about at some rate
other than 'normal' but to be able to ask for a quick takedown of said
domain, yes? I don't think we'll be able to reduce false positive rates
low enough to be acceptable with an 'auto-squish' method :(
Well, you can autosquish IF there's enough correlation to malware
traffic and botnet hosting, like the NS set the OP posted for example.
--
Suresh Ramasubramanian ([email protected])
|