North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: On-going Internet Emergency and Domain Names
On Sat, 31 Mar 2007, Gadi Evron wrote: > > domains listed on http://isc.sans.org/, is that an authoritative site > > of botnet hunters? If so, there are couple of surprises for you. > > baidu.com listed there is a chinese equivalent of google, who'd get > > very upset if its domain name got "revoked". Similarly, alexa.com. > > > > There needs to be due process for these actions. And once we close > > this vector, I'm sure that botnets will simply migrate away from DNS > > to some other protocol. > > YOu shouldn't confuse TCP/IP for the control channel of the botnets > which is IRC, HTTP, etc. I'm not sure I understand your point. Intarweb Storm Center listed a number of domain names "involved in these attacks", presumably so the registrars/registries pull the DNS records. I am pointing out that at least two of the ones listed are innocent. What does TCP/IP or IRC or HTTP have to do with anything? > DNS is not going anywhere, patch for the hosts file or not. Glad you understand that.