What DNS Is Not
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Nov 10 13:34:15 UTC 2009
On Mon, Nov 09, 2009 at 06:15:09PM -0500,
David Ulevitch <davidu at everydns.net> wrote
a message of 18 lines which said:
> When the Conficker worm phones home to one of the 50,000 potential
> domain names it computes each day, there are a lot of IT folks out
> there that wish their local resolver would simply reject those DNS
> requests so that infected machines in their network fail to phone
> home.
That's an extremely bad idea: many of the domains generated by the
Conficker algorithm are already registered by a legitimate registrant
(in .FR: the national railways, a national TV, etc).
Also, the example is not a good choice since Conficker now mostly uses
P2P: <http://mtc.sri.com/Conficker/P2P/> for those who like assembly
code and awful technical details.
More information about the NANOG
mailing list