[96713] in North American Network Operators' Group


Re: Interesting new dns failures

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue May 22 07:05:49 2007

Date: Tue, 22 May 2007 16:35:01 +0530
From: "Suresh Ramasubramanian" <ops.lists@gmail.com>
To: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0705211741530.8022@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu


On 5/21/07, Chris L. Morrow <christopher.morrow@verizonbusiness.com> wrote:

>
> So, I think that what we (security folks) want is probably not to
> auto-squish domains in the TLD because of NS's moving about at some rate
> other than 'normal' but to be able to ask for a quick takedown of said
> domain, yes? I don't think we'll be able to reduce false positive rates
> low enough to be acceptable with an 'auto-squish' method :(
>

Well, you can autosquish IF there's enough correlation to malware
traffic and botnet hosting, like the NS set the OP posted for example.

-- 
Suresh Ramasubramanian (ops.lists@gmail.com)
