On Sat, Mar 31, 2007, Gadi Evron wrote:
On Sat, 31 Mar 2007 alex@pilosoft.com wrote:
OK, so, do you officially declare the emergency? Should we all block the
This is an emergecy incident on the scale of WMF, but no, it is indeed being handled. I am raising the flag on an ever increasing problem with DNS.
One could argue its an ever increasing problem with IP.
This latest incident illustrates some of our operational problems with the security of the Internet.
Again; one could argue its also an increasing problem with IP. I wonder if anyone can come up with methods of solving this at the IP layer..
There needs to be due process for these actions. And once we close this vector, I'm sure that botnets will simply migrate away from DNS to some other protocol.
YOu shouldn't confuse TCP/IP for the control channel of the botnets which is IRC, HTTP, etc.
DNS is not going anywhere, patch for the hosts file or not.
And I'm sure they'll migrate away from DNS when it becomes inconvienent. I'm still pleasantly surprised how many organisations spend large amounts of money controlling what comes in and almost never try to handle what goes -out-. Adrian