What DNS Is Not

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Nov 10 13:34:15 UTC 2009


On Mon, Nov 09, 2009 at 06:15:09PM -0500,
 David Ulevitch <davidu at everydns.net> wrote 
 a message of 18 lines which said:

> When the conficker worms phones home to one of the 50,000 potential
> domains names it computes each day, there are a lot of IT folks out
> there that wish their local resolver would simply reject those DNS
> requests so that infected machines in their network fail to phone
> home.

That's an extremely bad idea: many of the domains generated by the
Conficker algorithm are already registered by a legitimate registrant
(in .FR: the national railways, a national TV, etc).

Also, the example is not a good choice since Conficker now mostly uses
P2P: <http://mtc.sri.com/Conficker/P2P/> for those who like assembly
code and awful technical details.




More information about the NANOG mailing list