Avalanche botnet takedown

Robert McKay robert at mckay.com
Fri Dec 2 00:24:28 UTC 2016


I'm just assuming this because it doesn't say anywhere,
but given the context it seems likely to me that almost
none of the 900000 domains were actually registered.

It sounds more likely that they figured out how the domain generation
algorithm works and instructed the registries to block out all the
possible domains it could generate (preventing them from being 
registered
in the future).. along with also going after the registrars to disable a 
much smaller
number of domains that were actually currently registered.

Could be the 0.01% were the ones that were actually registered.

Rob

On 2016-12-01 21:06, Justin Paine via NANOG wrote:
> straight from the horse's mouth -- they said  "99.99% of the 900,000
> domains" have been sinkholed.
> 
> ____________
> Justin Paine
> Head of Trust & Safety
> Cloudflare Inc.
> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
> 
> 
> On Thu, Dec 1, 2016 at 1:02 PM, J. Hellenthal <jhellenthal at dataix.net> 
> wrote:
>> 99% ? That's a pretty high figure there.
>> 
>> --
>>  Onward!,
>>  Jason Hellenthal,
>>  Systems & Network Admin,
>>  Mobile: 0x9CA0BD58,
>>  JJH48-ARIN
>> 
>> On Dec 1, 2016, at 14:56, Rich Kulawiec <rsk at gsp.org> wrote:
>> 
>>> On Thu, Dec 01, 2016 at 05:34:26PM -0000, John Levine wrote:
>>> [...] 800,000 domain names used to control it.
>> 
>> 1. Which is why abusers are registrars' best customers and why
>> (some) registrars work so very hard to support and shield them.
>> 
>> 2. As an aside, I've been doing a little research project for a
>> few years, focused on domains.  I've become convinced that *at least*
>> 99% of domains belong to abusers: spammers, phishers, typosquatters,
>> malware distributors, domaineers, combinations of these, etc.
>> 
>> In the last year, I've begun thinking that 99% is a serious 
>> underestimate.
>> (And it most certainly is in some of the new gTLDs.)
>> 
>> ---rsk
>> 


More information about the NANOG mailing list