14 May
2009
14 May
'09
8:25 p.m.
On Thu, May 14, 2009 at 4:58 PM, Mark Andrews <Mark_Andrews@isc.org> wrote:
If I were an ISP, and I knew that approximately 99.9% of customer queries to random name servers was malware doing fake site phishing or misconfigured PCs that will work OK and avoid a support call if they answer the DNS query, with 0.1% being old weenies like us, I'd do what Sprint's doing, too.
And what's the next protocol that is going to be stomped on?
I was going to say, "will the ISP also remove the DNS MITM the day that 99.9% of malware moves its command-and-control to the HTTP or other layer?". I figured why bother - but your point drives it home even further. dre