[96679] in North American Network Operators' Group


Re: Interesting new dns failures

daemon@ATHENA.MIT.EDU (Roger Marquis)
Mon May 21 14:35:28 2007

Date: Mon, 21 May 2007 11:26:31 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0705211741530.8022@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu


On Mon, 21 May 2007, Chris L. Morrow wrote:
> ok, so 'today' you can't think of a reason (nor can I really easily) but
> it's not clear that this may remain the case tomorrow.

Not a good justification for doing nothing while this sort of trojan
propagates.  As an analogy, it is also true we cannot see how email-based
trojans may be desirable tomorrow, but that doesn't stop us from
protecting ourselves against their detrimental effects today.

> It's possible that as a way to 'better loadshare' traffic Akamai
> (just to make an example) could start doing this as well.

Actually not.  There is no legitimate purpose for this DNS hack.

> So, I think that what we (security folks) want is probably not
> to auto-squish domains in the TLD because of NS's moving about
> at some rate other than 'normal'

Except that there's a lot more to this pattern than simply changing NS
at a rate other than normal, enough that it can be easily identified
for what it is.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
