[anti-abuse-wg] New Abuse Information on RIPE NCC Website
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Wed Jun 26 17:19:11 CEST 2013
Suresh Ramasubramanian wrote:
> Consider, if you will, a domain that has absolutely no "content", but is
> the command and control for a fast flux botnet. Which has been the case
> with both the Latvian as well as Austrian ccTLD cases.

Same thing.
The controllers must run on a server with an IP address,
destroy these servers.

The domain name is just a name; it's the hostnames in the
domain's nameserver pointing to an IP and a server with whatever
service running under that IP.

It's likely that the botnet owner uses another domain name
if you remove it. Botnet owners aren't stupid.

Kind regards, Frank

>
> On Jun 26, 2013 7:52 PM, "Frank Gadegast" <ripe-anti-spam-wg at powerweb.de> wrote:
>
> Suresh Ramasubramanian wrote:
>
> Just want to note that domain names themselves can't be
> dangerous (of course using a similar name could cause
> problems with trademarks and the like).
>
> It's only the content that's dangerous, eMail or webpage.
> So it's more a problem of the people running the services,
> and these are either hacked sites or ISPs tolerating
> or deliberately hosting this content.
>
> Asking a TLD registry to remove domain names because
> of phishing is then somehow the wrong place to start,
> especially for Spamhaus, they should know better and
> simply place all those IPs on their lists ...
>
>
> BTW:
> just found the service "Google Safe Browsing Alerts
> for Network Administrators" where every AS owner can
> register under
> http://www.google.com/safebrowsing/alerts/
> to receive notification about doubtful content
> Google might find when spidering your network.
>
> This could be pretty useful to remove phishing
> and hacked sites pretty quickly.
>
>
> Kind regards, Frank
>
> There are of course multiple sides to that story as well.
>
> Like a massive infestation of rock phish domains which, too, were
> knowingly disregarding local law, and were present in rather massive
> quantities on the .at ccTLD at that time.
>
> http://www.spamhaus.org/organization/statement/7/
>
> --srs
>
> On Wednesday, June 26, 2013, Wilfried Woeber wrote:
>
> Erik Bais wrote:
> [...]
> > For those that want to read up on what actually happened on that specific
> > incident in Latvia (July/August 2010), have a read on the following open
> > letter from CERT.lv
> >
> > https://cert.lv/uploads/uploads/OpenLetter.pdf
>
> And this actually wasn't the only or the first "incident" with Spamhaus.
> They also tried similar *piep*^Wbullying against NIC.at before.
>
> Which actually has discredited Spamhaus in my personal opinion for sure,
> for knowingly disregarding local law, but that's slightly OT here - but
> maybe not...
>
> > Erik Bais
>
> Wilfried.
>
> --
> --srs (iPad)