On-going Internet Emergency and Domain Names

Adrian Chadd adrian at creative.net.au
Sat Mar 31 08:58:25 UTC 2007


On Sat, Mar 31, 2007, Suresh Ramasubramanian wrote:
> 
> On 31 Mar 2007 06:09:30 +0000, Paul Vixie <vixie at vix.com> wrote:
> >
> >are we really going to stop malware by blackholing its domain names?  if
> >so then i've got some phone calls to make.
> 
> That does seem to be the single point of failure for these malwares,
> and for various other things besides [phish domains hosted on botnets,
> and registered on ccTLDs where bureaucracy comes in the way of quick
> takedowns]

.. just wait until they start living on in P2P trackerless type setups
and not bothering with temporary domains - just use whatever resolves to the
end-client. You'll wish it were as easy to track as "accessing these websites
or servers." (That, and the IPv6 space doesn't seem to be a saving grace either -
it'll be easy to identify potential hosts to infect by infecting someone
participating in P2P and moving across to other machines as you see
P2P application connections to/from them.)

Scary stuff.





Adrian



