On-going Internet Emergency and Domain Names

• Previous message (by thread): On-going Internet Emergency and Domain Names
• Next message (by thread): On-going Internet Emergency and Domain Names
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 31 Mar 2007, Mikael Abrahamsson wrote:

>
> On Sat, 31 Mar 2007, Gadi Evron wrote:
>
>> In this case, we speak of a problem with DNS, not sendmail, and not bind.
>
> The argument can be made that you're trying to solve a windows-problem by 
> implementing blocking in DNS.
>
> Next step would be to ask all access providers to block outgoing UDP/53 so 
> people can't use open resolvers or machines set up to act as resolvers for 
> certain DNS information that the botnets need, as per the same analysis that 
> blocking TCP/25 stops spam.
>
> So what you're trying to do is a pure stop-gap measure that won't scale in 
> the long run. Fix the real problem instead of trying to bandaid the symptoms.

IMHO, Windows will always have some 0-day appearing every quarter - 
whether it be in XP or Vista.  Or it will be in Apache, or it will be in 
Sendmail or it will be in some other app.  So if taking a 10,000 foot 
view, apps will always have 0-day holes that are abused.  Nowadays, the 
latest vector is fast-flux.  I think that closing that vector via fast 
closure of a particular domain name is something we should tackle.  True, 
the baddies will find some other vector.  But that doesn't mean we should 
ignore this one.

-Hank


>
> -- 
> Mikael Abrahamsson    email: swmike at swm.pp.se
>

• Previous message (by thread): On-going Internet Emergency and Domain Names
• Next message (by thread): On-going Internet Emergency and Domain Names
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]