[95561] in North American Network Operators' Group
Re: On-going Internet Emergency and Domain Names
daemon@ATHENA.MIT.EDU (Gadi Evron)
Sat Mar 31 10:25:19 2007
Date: Sat, 31 Mar 2007 09:18:04 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: alex@pilosoft.com
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0703310834100.21051-100000@bawx.pilosoft.com>
Errors-To: owner-nanog@merit.edu
On Sat, 31 Mar 2007 alex@pilosoft.com wrote:
> OK, so, do you officially declare the emergency? Should we all block the
This is an emergency incident on the scale of WMF, but no, it is indeed
being handled. I am raising the flag on an ever-increasing problem with
DNS.
This latest incident illustrates some of our operational problems with the
security of the Internet.
> domains listed on http://isc.sans.org/, is that an authoritative site of
> botnet hunters? If so, there are a couple of surprises for you.
> baidu.com listed there is a Chinese equivalent of Google, who'd get very
> upset if its domain name got "revoked". Similarly, alexa.com.
> 
> There needs to be due process for these actions. And once we close this
> vector, I'm sure that botnets will simply migrate away from DNS to some
> other protocol.
You shouldn't confuse TCP/IP for the control channel of the botnets which
is IRC, HTTP, etc.
DNS is not going anywhere, patch for the hosts file or not.
> 
> 
> -alex
>