On Sat, 31 Mar 2007, Gadi Evron wrote:
>> domains listed on http://isc.sans.org/, is that an authoritative site of botnet hunters? If so, there are a couple of surprises for you. baidu.com listed there is a Chinese equivalent of Google, who'd get very upset if its domain name got "revoked". Similarly, alexa.com.
>>
>> There needs to be due process for these actions. And once we close this vector, I'm sure that botnets will simply migrate away from DNS to some other protocol.
>
> You shouldn't confuse TCP/IP for the control channel of the botnets which is IRC, HTTP, etc.

I'm not sure I understand your point. Intarweb Storm Center listed a number of domain names "involved in these attacks", presumably so the registrars/registries pull the DNS records. I am pointing out that at least two of the ones listed are innocent.

What does TCP/IP or IRC or HTTP have to do with anything?

> DNS is not going anywhere, patch for the hosts file or not.

Glad you understand that.
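The "due process" point above comes down to a check anyone can run before asking a registrar to pull records: reduce each listed hostname to its registrable (apex) domain and see whether that apex is a known-legitimate, high-traffic domain. A hit means the entry is either a false positive or an abused host under a legitimate apex, which calls for a narrower action than revoking the whole domain. The following is an added example, not code from the thread or from the SANS ISC; the public-suffix list, the allowlist and the candidate takedown list are all constructed stand-ins (a real check would load the Public Suffix List and a real top-sites list).

```python
"""
Added example (not part of the original thread): a pre-takedown sanity
check for a list of "domains involved in attacks".

Every candidate hostname is reduced to its registrable (apex) domain and
compared against an allowlist of known-legitimate domains. Entries whose
apex is allowlisted are routed to manual review instead of revocation.
"""

# Constructed mini public-suffix list. A real check would load the
# Public Suffix List (publicsuffix.org) rather than this handful.
PUBLIC_SUFFIXES = {"com", "net", "org", "com.cn", "co.uk"}

# Constructed allowlist standing in for a top-sites list; the two names
# argued over in the thread are deliberately included.
ALLOWLIST = {"baidu.com", "alexa.com", "google.com"}


def registrable_domain(hostname: str) -> str:
    """Return the apex: one label to the left of the longest matching public suffix."""
    labels = hostname.strip().lower().rstrip(".").split(".")
    # Walk from the full name down to the TLD, so the longest suffix
    # ("com.cn") is tried before a shorter one ("cn") could match.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{hostname!r} is itself a public suffix")
            return ".".join(labels[i - 1:])
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:])


def triage(candidates):
    """Split a candidate takedown list into apexes safe to act on and entries needing review.

    Returns {"revoke": [(host, apex), ...], "review": [(host, reason), ...]}.
    """
    revoke, review = [], []
    for host in candidates:
        apex = registrable_domain(host)
        if apex in ALLOWLIST:
            if host.lower() == apex:
                reason = "listed apex is on the allowlist; likely a false positive"
            else:
                reason = f"host sits under allowlisted apex {apex}; ask the operator to remove that host, do not revoke the apex"
            review.append((host, reason))
        else:
            revoke.append((host, apex))
    return {"revoke": revoke, "review": review}


if __name__ == "__main__":
    # Constructed candidate list; c2.example-botnet.net is a made-up name.
    listed = ["baidu.com", "c2.example-botnet.net", "alexa.com", "free.alexa.com"]
    result = triage(listed)
    for host, apex in result["revoke"]:
        print(f"REVOKE  {host} (apex {apex})")
    for host, reason in result["review"]:
        print(f"REVIEW  {host}: {reason}")
```

The split matters because the action a registrar takes is at the apex, while the abuse is usually at a single host: pulling baidu.com because some hostname under it was abused takes down the whole site, whereas the review path lets the operator remove one record.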