Avalanche botnet takedown
fergdawgster at mykolab.com
Thu Dec 1 20:43:16 UTC 2016
> P.S. WTF is "double fast flux[tm]"?
Double fast-flux is when not only the TTL is set very low on the A record(s), but also on the NS:
> On Dec 1, 2016, at 12:38 PM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> In message <20161201173426.2861.qmail at ary.lan>,
> "John Levine" <johnl at iecc.com> wrote:
>> More info here:
> I'm always happy when even a small handful of miscreants are captured
> and taken off the Internet, but...
> The press release itself says that this botnet had been running since
> 2009. So, you know, are we supposed to break out the champagne and
> start celebrating because it "only" took LE *seven years* to take down
> this one botnet and capture a grand total of five cybercriminals?
> Like I say, I'm happy that this one botnet was killed, but to my way
> of thinking, the fact that it took seven years to do so is a testament
> *not* to the spectacular 21st century capabilities of modern law
> enforcement, but rather to the ever widening gap between the time
> scales of law enforcement processes, typically measured in months or
> years, and the time scales of malicious packets flying around the
> Internet, usually measured in milliseconds.
> The Internet, viewed as an organism, quite clearly has, at present,
> numerous autoimmune diseases. It is attacking itself. And its immune
> system, such as it is, clearly ain't working. There's going to come
> a day of reckoning when it will no longer be possible to paper over
> this sad and self-evident fact. (And no, I'm *not* talking about
> the fabled "Digital Pearl Harbor". I'm talking instead about the
> Internet equivalent of the meteor that wiped out the dinosaurs.)
> P.S. WTF is "double fast flux[tm]"? Is that anything like "double secret
> probation" from Animal House?
> P.P.S. I love this part of the press release, because it is so telling:
> "The successful takedown of this server infrastructure was supported
> by ... Registrar of Last Resort, ICANN..."
> Hahahahaha! Yea. Translation, for those of you who do not speak
> diplomacy-speak: "It isn't hardly just you unofficial anti-spammers and
> anti-cybercrime volunteers and private security companies that can't
> manage to get many domain registrars and sometimes even domain registries
> to lift a finger to help. Even some of us international law enforcement
> guys, who have badges and everything, were also told to go pound sand by
> several of the world's worst and most unhelpful registrars and registries.
> In fact, they were soooooooo colossally unhelpful that in the end, we
> finally had to go and plead our case all the way up to ICANN, just in
> order to get anything done."
Seattle, Washington, USA
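
The following is an added example, not part of the original post: a small passive-DNS classifier that separates single from double fast-flux using the low-TTL criterion described in the reply above. It goes beyond the reply by also requiring that the answers rotate; the thresholds, domain names and records are constructed assumptions.

```python
from collections import defaultdict

LOW_TTL = 300      # seconds; assumed threshold, tune against your own resolver logs
MIN_DISTINCT = 4   # assumed count of distinct answers before a set counts as rotating

def _fluxing(records):
    """True when every TTL in the set is low and the answers keep changing."""
    if not records:
        return False
    ttls = [ttl for ttl, _ in records]
    distinct = {rdata for _, rdata in records}
    return max(ttls) <= LOW_TTL and len(distinct) >= MIN_DISTINCT

def classify(observations):
    """observations: iterable of (domain, rtype, ttl, rdata) from passive DNS.
    Returns {domain: 'double-flux' | 'single-flux' | 'not-flux'}."""
    by_domain = defaultdict(lambda: {"A": [], "NS": []})
    for domain, rtype, ttl, rdata in observations:
        if rtype in ("A", "NS"):
            by_domain[domain][rtype].append((ttl, rdata))
    verdicts = {}
    for domain, sets in by_domain.items():
        a_flux, ns_flux = _fluxing(sets["A"]), _fluxing(sets["NS"])
        if a_flux and ns_flux:
            verdicts[domain] = "double-flux"   # both A and NS sets rotate
        elif a_flux:
            verdicts[domain] = "single-flux"   # only the A set rotates
        else:
            verdicts[domain] = "not-flux"      # NS-only rotation also lands here
    return verdicts

# Constructed sample: documentation address ranges and .example names only.
SAMPLE = (
    [("flux2.example", "A", 60, f"192.0.2.{i}") for i in range(1, 6)]
    + [("flux2.example", "NS", 120, f"ns{i}.flux2.example") for i in range(1, 5)]
    + [("flux1.example", "A", 60, f"198.51.100.{i}") for i in range(1, 5)]
    + [("flux1.example", "NS", 86400, f"ns{i}.host.example") for i in (1, 2)]
    # Low TTL alone is not enough: two stable addresses with a short TTL.
    + [("lowttl.example", "A", 30, f"203.0.113.{i}") for i in (1, 2)]
    + [("lowttl.example", "NS", 172800, "ns1.host.example")]
)

if __name__ == "__main__":
    for domain, verdict in sorted(classify(SAMPLE).items()):
        print(f"{domain:16} {verdict}")
```

Low A-record TTLs are also common on CDNs and load-balanced services, so the NS-side check and the distinct-answer count are what keep the false-positive rate down.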