[anti-abuse-wg] New Abuse Information on RIPE NCC Website
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Thu Jun 27 17:38:15 CEST 2013
Suresh Ramasubramanian wrote:
> Usually one domain..? More often than not, a domain generation
> algorithm with lots more than just one

True, so why try to argue with the registries ?
Will not help ...

> Beyond that, please do some more research.

Pfff ...

Kind regards, Frank

>
> On Thursday, June 27, 2013, Frank Gadegast wrote:
>
> Suresh Ramasubramanian wrote:
>
> On Thursday, June 27, 2013, Frank Gadegast wrote:
>
> Any nameserver has to be registered with the registry of the domain
> (is there another way DNS works, I don't know ?)
>
> So: you can always find the server running the nameserver for that domain.
> Take this server down.
>
> for fastflux, take it down and there's a fresh ns real soon. then what?
>
> The botnet has usually one domain wired into the bot.
> This domain "a" is running on a nameserver.
> The bot is asking the nameserver (which isn't changed by the botnet owner)
> for a second domain "b" (which might not be registered at all, but
> configured) running fastflux for the IP of its control servers.
>
> But: you can find the domain "a" by reverse engineering the bot.
> Find the nameservers for "a" and you're done.
>
> And if the bot is doing only single fastflux, the botnet owner
> HAS to update the domain at the registry, makes it even
> easier. Take the first nameservers down, wait for the update
> at the registry, take the next two nameservers down and so on
> until there is none left.
> Complaining about Registries isn't the right start, even if it
> would make things easy. Domains could change, even complaining about
> the nameservers on hacked servers isn't the right start (probably
> because they are hosted in countries where you have no chance
> to find a legal argument to take them down).
>
> I would even argue that not only the domainname cannot harm
> anybody, the nameservers aren't doing that too.
> A nameservice itself isn't something illegal even if it resolves
> IPs for a botnet (except it resides on a hacked and misused
> server and if that is illegal in the country where it resides).
> They are both only part of a system.
>
> The harmful parts are the bots and the intruded and misused
> servers, if you delete the domainname, they are all
> still floating about and will be soon part of the next botnet ...
>
> I personally would start at the other end and force Microsoft
> legally to only have PCs connected to the Internet that
> have an AntiVirus solution installed and running ...
>
> But then you have the antitrust agencies arguing
> that Microsoft is not allowed to install an antivirus
> solution because it wouldn't be that nice to their
> competitors ...
>
> And surely have laws in all countries to forbid
> to run servers delivering malware and force the ISPs
> to remove them after knowledge ...
>
> Kind regards, Frank
>
> Let's say somebody's name is "John Doo". The name itself cannot
> harm anybody, the person "named" John Doo can.
>
> headdesk.
>
> --
> --srs (iPad)
>
> --
> --srs (iPad)

--
Kind regards, Frank Gadegast
--
MOTD: "have you enabled SSL on a website or mailbox today ?"
--
PHADE Software - PowerWeb                  http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast          mailto:frank at powerweb.de
Schinkelstrasse 17                         fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany      fax: +49 33200 52921
======================================================================
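
Added example, not part of the original message or of any poster's code: a small Python classifier over constructed passive-DNS observations that separates single-flux from double-flux domains, using the usual definitions (single-flux rotates only the A records, double-flux also rotates the NS set). The domain names, addresses and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (domain, record type, value, TTL in seconds).
# Names and addresses are reserved documentation values, not real indicators.
OBSERVATIONS = (
    [("a.example", "A", f"192.0.2.{i}", 120) for i in range(1, 7)]
    + [("a.example", "NS", f"ns{i}.a.example", 86400) for i in (1, 2)]
    + [("b.example", "A", f"198.51.100.{i}", 60) for i in range(1, 9)]
    + [("b.example", "NS", f"ns{i}.b.example", 180) for i in range(1, 6)]
    + [("c.example", "A", "203.0.113.10", 3600)]
    + [("c.example", "NS", f"ns{i}.c.example", 86400) for i in (1, 2)]
)


def classify(observations, min_a=4, min_ns=3, max_ttl=300):
    """Return {domain: (verdict, sorted NS names)} from passive-DNS rows.

    Thresholds are illustrative assumptions; tune them against your own data.
    """
    values = defaultdict(set)   # (domain, rtype) -> distinct record values
    lowest_ttl = {}             # (domain, rtype) -> smallest TTL observed
    for domain, rtype, value, ttl in observations:
        key = (domain.lower().rstrip("."), rtype.upper())
        values[key].add(value.lower().rstrip("."))
        lowest_ttl[key] = min(ttl, lowest_ttl.get(key, ttl))

    def churns(domain, rtype, threshold):
        # Many distinct values combined with a short TTL indicates rotation.
        key = (domain, rtype)
        return (len(values.get(key, ())) >= threshold
                and lowest_ttl.get(key, max_ttl + 1) <= max_ttl)

    result = {}
    for domain in sorted({d for d, _ in values}):
        a_flux = churns(domain, "A", min_a)
        ns_flux = churns(domain, "NS", min_ns)
        if a_flux and ns_flux:
            verdict = "double-flux"   # nameservers rotate too
        elif a_flux:
            verdict = "single-flux"   # only A records rotate; NS set is stable
        else:
            verdict = "stable"
        result[domain] = (verdict, sorted(values.get((domain, "NS"), ())))
    return result


if __name__ == "__main__":
    for name, (verdict, nameservers) in classify(OBSERVATIONS).items():
        print(f"{name:10} {verdict:12} NS={nameservers}")
```

For a single-flux verdict the returned NS list is the stable set of nameservers an abuse report can name; for double-flux that list keeps changing between observations.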