Dailydave mailing list archives
Re: Beyond Fast Flux
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sat, 15 Dec 2007 02:44:30 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Brandon Enright <bmenrigh () ucsd edu> wrote:
If you're going to attack something you should back your argument up with a little evidence. The C&C methods mentioned in the paper are: * IRC * HTTP to single server * Fast-Flux of DNS Servers * Storm P2P protocols * PINK About the only thing they missed was DHT, which is arguably covered by Storm. PINK is a good idea. If it really is light-years behind the criminals show us the papers, presentations, and discussions of more advanced >C&C. If your argument is that PINK is primitive or that it won't work, respond with a paper, a countermeasure, or at the very least a detailed email of possible flaws in it. C'mon, Gadi, you know better.
What about Open DNS resolvers, using double-flux, combined with the Storm Overnet? :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHYz+Nq1pz9mNUZTMRAv6HAJ9ImdXXvj2bFKn3g45Mo236RjAF3QCg8ohH yTozjLY3oGFre6ntmOtKwQs= =8fSS -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Beyond Fast Flux Dave Aitel (Dec 14)
- Re: Beyond Fast Flux Gadi Evron (Dec 14)
- Re: Beyond Fast Flux Brandon Enright (Dec 14)
- Re: Beyond Fast Flux ChromeSilver (Dec 15)
- Re: Beyond Fast Flux Lance M. Havok (Dec 16)
- Re: Beyond Fast Flux Dude VanWinkle (Dec 17)
- Re: Beyond Fast Flux Fosforo (Dec 14)
- <Possible follow-ups>
- Re: Beyond Fast Flux Paul Ferguson (Dec 14)
- Re: Beyond Fast Flux matthew wollenweber (Dec 15)
- Re: Beyond Fast Flux Dave Aitel (Dec 17)
- Re: Beyond Fast Flux matthew wollenweber (Dec 15)
- Re: Beyond Fast Flux Gadi Evron (Dec 14)