From: william(at)elan.net ("william)
Date: Sun Apr 01 2007 - 02:16:08 EDT
On Sat, 31 Mar 2007, Steve Atkins wrote:
> I'm prepared to concede, despite your previous history, that there
> may well be an actual issue (as there are an awful lot of hideously ugly
> corners with both DNS the protocol and domain reigsitration the
> policy), but you're being incredibly bad at communicating what
> you actually think it is.
He's talking about when DNS protocol is used to either control or
serve as main entry into a botnet (i.e. domain points to various
servers on botnet and quickly changes among them). Previously a
lot of that was (still is?) done using IRC and it generally offers
more superior tools but rudimentary control can be done with DNS
quite easily and unlike IRC or higher-end ports that enterprise
firewalls know quite well how to block, dns protocol is almost
always available from any computer and it also has great way of
providing externally reliable reference to unify thousands of
botnet computers. But DNS here is just a tool, bad guys could
easily build quite complex system of control by using active HTTP
such as XML-RPC, they are just not that sophisticated (yet) or
maybe they don't need anything but simple list of pointers.
-- William Leibzon Elan Networks
|
|
|