nanog mailing list archives
Re: news from Google
From: Paul Ferguson <fergdawgster () gmail com>
Date: Sun, 6 Dec 2009 17:37:24 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Dec 6, 2009 at 5:30 PM, Danny McPherson <danny () tcb net> wrote:
I think one of the things that concerns me most with Google validating and jumping on the DNS "open resolver" bandwagon is that it'll force more folks (ISPs, enterprises and end users alike) to leave DNS resolver IP access wide open. Malware already commonly changes DNS resolver settings to rogue resolvers, and removes otherwise resident malcode from the end system to avoid detection by AV and the like. One of the primary recommendations I give to enterprises is to force use of internal resolvers, and log all other attempted DNS resolution queries elsewhere, it's a quick way to detect some compromised systems. [...]
Indeed -- as this is exactly what we have seen, as discussed in the good white paper by Antoine Schonewille and Dirk-Jan van Helmond in 2006 (I've used this paper as a a reference many times), "The Domain Name Service as an IDS: How DNS can be used for detecting and monitoring badware in a network": http://staff.science.uva.nl/~delaat/snb-2005-2006/p12/report.pdf - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFLHFxJq1pz9mNUZTMRAti9AKDYQalIoQ5aHDjsRzU9bz6ulxVLUwCePYbW v3KSVdE37Uyz/GXhC0dhaA0= =K0HW -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Current thread:
- Re: news from Google, (continued)
- Re: news from Google Andrey Gordon (Dec 03)
- Re: news from Google Patrick W. Gilmore (Dec 03)
- Re: news from Google Jeroen Massar (Dec 03)
- Re: news from Google Martin Hannigan (Dec 03)
- RE: news from Google Scott Berkman (Dec 03)
- Re: news from Google Matthew Petach (Dec 03)
- Re: news from Google Charles Wyble (Dec 03)
- Re: news from Google Jorge Amodio (Dec 03)
- Re: news from Google Charles Wyble (Dec 03)
- Re: news from Google Danny McPherson (Dec 06)
- Re: news from Google Paul Ferguson (Dec 06)
- Re: news from Google Jorge Amodio (Dec 06)
- Re: news from Google Andrew Euell (Dec 12)
- Re: news from Google Joshua Smith (Dec 12)
- Re: news from Google Bret Clark (Dec 03)
- Re: news from Google Brandon Galbraith (Dec 03)
- Re: news from Google Stefan (Dec 03)
- Re: news from Google Jorge Amodio (Dec 03)
- RE: news from Google Deepak Jain (Dec 03)
- Re: news from Google J. Oquendo (Dec 03)