On Sat, 31 Mar 2007, Steve Atkins wrote:
I'm prepared to concede, despite your previous history, that there may well be an actual issue (as there are an awful lot of hideously ugly corners with both DNS the protocol and domain reigsitration the policy), but you're being incredibly bad at communicating what you actually think it is.
He's talking about when DNS protocol is used to either control or serve as main entry into a botnet (i.e. domain points to various servers on botnet and quickly changes among them). Previously a lot of that was (still is?) done using IRC and it generally offers more superior tools but rudimentary control can be done with DNS quite easily and unlike IRC or higher-end ports that enterprise firewalls know quite well how to block, dns protocol is almost always available from any computer and it also has great way of providing externally reliable reference to unify thousands of botnet computers. But DNS here is just a tool, bad guys could easily build quite complex system of control by using active HTTP such as XML-RPC, they are just not that sophisticated (yet) or maybe they don't need anything but simple list of pointers. -- William Leibzon Elan Networks william@elan.net