nanog mailing list archives

Re: On-going Internet Emergency and Domain Names


From: Gadi Evron <ge () linuxbox org>
Date: Sat, 31 Mar 2007 09:18:04 -0500 (CDT)


On Sat, 31 Mar 2007 alex () pilosoft com wrote:
OK, so, do you officially declare the emergency? Should we all block the

This is an emergency incident on the scale of WMF, but no, it is indeed
being handled. I am raising the flag on an ever-increasing problem with
DNS.

This latest incident illustrates some of our operational problems with the
security of the Internet.

domains listed on http://isc.sans.org/, is that an authoritative site of
botnet hunters? If so, there are a couple of surprises for you.
baidu.com listed there is a Chinese equivalent of google, who'd get very
upset if its domain name got "revoked". Similarly, alexa.com.

There needs to be due process for these actions. And once we close this
vector, I'm sure that botnets will simply migrate away from DNS to some
other protocol.

You shouldn't confuse TCP/IP for the control channel of the botnets which
is IRC, HTTP, etc.

DNS is not going anywhere, patch for the hosts file or not.



-alex


