[96676] in North American Network Operators' Group
Re: Interesting new dns failures
daemon@ATHENA.MIT.EDU (Fergie)
Mon May 21 14:13:33 2007
From: "Fergie" <fergdawg@netzero.net>
Date: Mon, 21 May 2007 18:07:57 GMT
To: christopher.morrow@verizonbusiness.com
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -- "Chris L. Morrow" <christopher.morrow@verizonbusiness.com> wrote:
>So, I think that what we (security folks) want is probably not to
>auto-squish domains in the TLD because of NS's moving about at some rat=
e
>other than 'normal' but to be able to ask for a quick takedown of said
>domain, yes? I don't think we'll be able to reduce false positive rates=
>low enough to be acceptable with an 'auto-squish' method :(
Hi Chris,
While I agree with you, there are many of us who know that these
fast-flux hosts are malicious due to malware & malicious traffic
analysis...
I completely agree with you, however, on the issue of making
assumptions that it will always be malicious -- of course, that
will not always be the case. :-)
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)
wj8DBQFGUd/7q1pz9mNUZTMRAigSAKDgooaGUsp+GT0sEYcEOivjY0afFwCfWmk6
EaWuXUl9W+3+uQEAEJ1c1SQ=3D
=3DV6Mu
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
