[95631] in North American Network Operators' Group
Re: On-going Internet Emergency and Domain Names (kill this thread)
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Sun Apr 1 02:27:02 2007
In-Reply-To: <Pine.LNX.4.62.0703312201010.5504@sokol.elan.net>
From: Roland Dobbins <rdobbins@cisco.com>
Date: Sat, 31 Mar 2007 22:49:23 -0700
To: nanog <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
On Mar 31, 2007, at 11:16 PM, william(at)elan.net wrote:
> But DNS here is just a tool, bad guys could
> easily build quite a complex system of control by using active HTTP
> such as XML-RPC, they are just not that sophisticated (yet) or
> maybe they don't need anything but a simple list of pointers.
Actually, the discussion isn't about the use of the DNS protocol
itself as a botnet C&C channel (as you indicate, that's certainly
doable), but rather about domains used as pointers to malware which
is then distributed via various methods, same for phishing, as well
as the use of DNS to provide server agility for botnet controllers
irrespective of the actual protocol used for C&C.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
Words that come from a machine have no soul.
-- Duong Van Ngo