Interesting new dns failures
Roger Marquis
marquis at roble.com
Mon May 21 18:26:31 UTC 2007
On Mon, 21 May 2007, Chris L. Morrow wrote:
> ok, so 'today' you can't think of a reason (nor can I really easily) but
> it's not clear that this may remain the case tomorrow.
Not a good justification for doing nothing while this sort of trojan
propagates. As analogy, it is also true we cannot see how email-based
trojans may be desirable tomorrow, but that doesn't stop us from
protecting ourselves against their detrimental effects today.
> It's possible that as a way to 'better loadshare' traffic akamai
> (just to make an example) could start doing this as well.
Actually not. There is no legitimate purpose for this dns hack.
> So, I think that what we (security folks) want is probably not
> to auto-squish domains in the TLD because of NS's moving about
> at some rate other than 'normal'
Except that there's a lot more to this pattern than simply changing NS
at a rate other than normal, enough that it can be easily identified
for what it is.
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
More information about the NANOG
mailing list