nanog mailing list archives

Re: Interesting new dns failures

From: "Fergie" <fergdawg () netzero net>
Date: Mon, 21 May 2007 18:07:57 GMT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Chris L. Morrow" <christopher.morrow () verizonbusiness com> wrote:

So, I think that what we (security folks) want is probably not to
auto-squish domains in the TLD because of NS's moving about at some rate
other than 'normal' but to be able to ask for a quick takedown of said
domain, yes? I don't think we'll be able to reduce false positive rates
low enough to be acceptable with an 'auto-squish' method :(


Hi Chris,

While I agree with you, there are many of us who know that these
fast-flux hosts are malicious due to malware & malicious traffic
analysis...

I completely agree with you, however, on the issue of making
assumptions that it will always be malicious -- of course, that
will not always be the case. :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGUd/7q1pz9mNUZTMRAigSAKDgooaGUsp+GT0sEYcEOivjY0afFwCfWmk6
EaWuXUl9W+3+uQEAEJ1c1SQ=
=V6Mu
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

Current thread:

Re: Interesting new dns failures, (continued)
- - Re: Interesting new dns failures Roger Marquis (May 21)
    - Re: Interesting new dns failures Valdis . Kletnieks (May 21)
    - Use of portions of 44.0.0.0/8? Neal R (May 21)
    - Re: Use of portions of 44.0.0.0/8? Andy Brezinsky (May 21)
    - OK - functioning administration of 44.0.0.0/8 Neal R (May 21)
    - Re: OK - functioning administration of 44.0.0.0/8 Harald Koch (May 21)
    - Re: Use of portions of 44.0.0.0/8? Joel Jaeggli (May 21)
- Re: Interesting new dns failures Fergie (May 20)
- Re: Interesting new dns failures Fergie (May 20)
  - Re: Interesting new dns failures John Curran (May 21)
- Re: Interesting new dns failures Fergie (May 21)
  - Re: Interesting new dns failures Chris L. Morrow (May 21)
- Re: Interesting new dns failures Fergie (May 21)
- Re: Interesting new dns failures Fergie (May 22)
  - Re: Interesting new dns failures David Ulevitch (May 22)
    - Re: Interesting new dns failures Chris L. Morrow (May 22)
- Re: Interesting new dns failures Fergie (May 22)
- Re: Interesting new dns failures Fergie (May 24)
  - Re: Interesting new dns failures Chris L. Morrow (May 24)
    - Re: Interesting new dns failures Roger Marquis (May 24)
    - Re: Interesting new dns failures John Levine (May 24)

(Thread continues...)