[119230] in North American Network Operators' Group
Re: What DNS Is Not
daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Tue Nov 10 08:42:02 2009
Date: Tue, 10 Nov 2009 22:34:15 +0900
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: David Ulevitch <davidu@everydns.net>
In-Reply-To: <4AF8A27D.2080405@everydns.net>
Cc: nanog@merit.edu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Nov 09, 2009 at 06:15:09PM -0500,
David Ulevitch <davidu@everydns.net> wrote
a message of 18 lines which said:
> When the Conficker worm phones home to one of the 50,000 potential
> domain names it computes each day, there are a lot of IT folks out
> there that wish their local resolver would simply reject those DNS
> requests so that infected machines in their network fail to phone
> home.
That's an extremely bad idea: many of the domains generated by the
Conficker algorithm are already registered by a legitimate registrant
(in .FR: the national railways, a national TV, etc).
Also, the example is not a good choice since Conficker now mostly uses
P2P: <http://mtc.sri.com/Conficker/P2P/> for those who like assembly
code and awful technical details.