Re: Interesting new dns failures

• From: Suresh Ramasubramanian
• Date: Thu May 24 22:56:27 2007

• Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nXKo2688yP6xO5lrG1C70L2pQSvXa/An0OeULfrDO/4HHho8R7byMSNYlHA21pDAoooh9Ax69IX/6KnsUQy62fpxkJ/SMcJg0LIcH3KEUtBhCQchOyk6LhjRHZ9eGW/WvkCN15AGoe1NJ8t/sVskKSwyS4I0ITkyrvyJ9lJd2jk=
• Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bT46fiLJVHFgVgABVa7eb62fYCKGsgGewiO1yHuje2EJfIwFzm9xklhPXtA544iUN6B/SB1wgxix43WGjEflHhAGbSx2R5seYrJcClQSy327cBlTgjFJI+8jGdcOWE3nHIzcCSdlU7I576dDDJPBOVPx8ABBB0tZVpjOhdeGen0=

If you're an network operator and you'd consider null routing IPs
associated with nameservers used only by phishers, please let me know
and we'll be happy to provide the appropriate evidence.

Half of them are on fastflux so nullroutes wouldnt help.  Some
mailservers (recent postfix) allow you to block by NS, or there's
always the good old expedient of bogusing these out in your bind
resolver config, or serving up a fake zone for them.

--
Suresh Ramasubramanian ([email protected])

• References:
  • Re: Interesting new dns failures Gadi Evron
  • Re: Interesting new dns failures Douglas Otis
  • Re: Interesting new dns failures David Ulevitch
  • Re: Interesting new dns failures Suresh Ramasubramanian
  • Re: Interesting new dns failures John LaCour

• Prev by Date: Re: Slate Podcast on Estonian DOS atatck
• Next by Date: Re: Interesting new dns failures
• Date Index
• Thread Index
• Author Index
• Historical