So, is there a list of domains that we could null-route if we could convince our DNS managers to set us up as the SOA for those domains on our local DNS servers - thus protecting our own customers somewhat?

I won't discount the assertion that there is some sort of emergency occurring. I would, however, like to see a bit of a reference to where we can learn more about what is going on (I assume this is the JavaScript exploit I heard about a couple days ago).

Thanks.

Fergie wrote:
-- Gadi Evron <ge@linuxbox.org> wrote:
There is a current on-going Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated.
This incident is currently being handled by several operational groups.
...and before people start bashing Gadi for being off-topic, etc., I'll side with him on the fact that this particular issue appears to be quite serious.
Please check the facts regarding this issue before firing up your flame-throwers -- this weekend could prove to be a quite horrible one.
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
-- Jeff Shultz