On Sat, 31 Mar 2007 alex@pilosoft.com wrote:
OK, so, do you officially declare the emergency? Should we all block the
This is an emergecy incident on the scale of WMF, but no, it is indeed being handled. I am raising the flag on an ever increasing problem with DNS. This latest incident illustrates some of our operational problems with the security of the Internet.
domains listed on http://isc.sans.org/, is that an authoritative site of botnet hunters? If so, there are couple of surprises for you. baidu.com listed there is a chinese equivalent of google, who'd get very upset if its domain name got "revoked". Similarly, alexa.com.
There needs to be due process for these actions. And once we close this vector, I'm sure that botnets will simply migrate away from DNS to some other protocol.
YOu shouldn't confuse TCP/IP for the control channel of the botnets which is IRC, HTTP, etc. DNS is not going anywhere, patch for the hosts file or not.
-alex