[95550] in North American Network Operators' Group


Re: On-going Internet Emergency and Domain Names

daemon@ATHENA.MIT.EDU (Adrian Chadd)
Sat Mar 31 04:48:33 2007

Date: Sat, 31 Mar 2007 16:58:25 +0800
From: Adrian Chadd <adrian@creative.net.au>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: nanog@merit.edu
In-Reply-To: <bb0e440a0703310126s6cfe6fd1n91883e660e01c603@mail.gmail.com>
Errors-To: owner-nanog@merit.edu


On Sat, Mar 31, 2007, Suresh Ramasubramanian wrote:
> 
> On 31 Mar 2007 06:09:30 +0000, Paul Vixie <vixie@vix.com> wrote:
> >
> >are we really going to stop malware by blackholing its domain names?  if
> >so then i've got some phone calls to make.
> 
> That does seem to be the single point of failure for these malwares,
> and for various other things besides [phish domains hosted on botnets,
> and registered on ccTLDs where bureaucracy comes in the way of quick
> takedowns]

.. just wait until they start living on in P2P trackerless type setups
and not bothering with temporary domains - just use whatever resolves to the
end-client. You'll wish it were as easy to track as "accessing these websites
or servers." (That, and the IPv6 space doesn't seem to be a saving grace either -
it'll be easy to identify potential hosts to infect by infecting someone
participating in P2P and moving across to other machines as you see
P2P application connections to/from them.)

Scary stuff.





Adrian

