This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Wed Jun 26 17:23:28 CEST 2013
I did say fast flux. Take down one compromised vm in a cheap datacenter somewhere and it pops up on some random company's exposed file and print server somewhere else. On Jun 26, 2013 8:49 PM, "Frank Gadegast" <ripe-anti-spam-wg at powerweb.de> wrote: > Suresh Ramasubramanian wrote: > >> Consider, if you will, a domain that has absolutely no "content", but is >> the command and control for a fast flux botnet. Which has been the case >> with both the latvian as well as austrian cctld cases. >> > > Same thing. > The controllers must run on a server with an IP address, > destroy these servers. > > The domainname is just a name, its the hostnames in the domains > nameserver pointing to an IP and a server with whatever service > running under that IP. > Its likely that the botnet owner uses another domainname, > if you remove it. > > botnet owners arent stupid. > > > Kind regards, Frank > > >> On Jun 26, 2013 7:52 PM, "Frank Gadegast" <ripe-anti-spam-wg at powerweb.de >> <mailto:ripe-anti-spam-wg@**powerweb.de <ripe-anti-spam-wg at powerweb.de>>> >> wrote: >> >> Suresh Ramasubramanian wrote: >> >> Just want to note, that domainnames themself cant be >> dangerous (of course using a similar name could cos >> problems with trademarks and the like). >> >> Its only the content thats dangerous, eMail or webpage. >> So its more a problem of the people running the services >> and these are either hacked sites or ISPs tolerating >> or deliberatly hosting this content. >> >> Asking a TLD registry to remove domainnames because >> of pishing its then somehow to wrong place to start, >> specially for Spamhaus, they should know better and >> simply place all those IPs on their lists ... >> >> >> BTW: >> just found the service "Google Safe Browsing Alerts >> for Network Administrators" where every AS owner can >> register under >> http://www.google.com/__**safebrowsing/alerts/<http://www.google.com/__safebrowsing/alerts/> >> <http://www.google.com/**safebrowsing/alerts/<http://www.google.com/safebrowsing/alerts/> >> > >> to receive notification about doubtful content >> Google might find, when spidering your network. >> >> This could be pretty usefull to remove pishing >> and hacked sites for pretty quick. >> >> >> >> Kind regards, Frank >> >> There are of course multiple sides to that story as well. >> >> Like a massive infestation of rock phish domains which, too, were >> knowingly disregarding local law, and were present in rather >> massive >> quantities on the .at ccTLD at that time. >> >> http://www.spamhaus.org/__**organization/statement/7/<http://www.spamhaus.org/__organization/statement/7/> >> <http://www.spamhaus.org/**organization/statement/7/<http://www.spamhaus.org/organization/statement/7/> >> > >> >> --srs >> >> On Wednesday, June 26, 2013, Wilfried Woeber wrote: >> >> Erik Bais wrote: >> [...] >> > For those that want to read up on what actually happened >> on that >> specific >> > incident in Latvia (July/August 2010), have a read on the >> following open >> > letter from CERT.lv >> > >> > https://cert.lv/uploads/__**uploads/OpenLetter.pdf<https://cert.lv/uploads/__uploads/OpenLetter.pdf> >> <https://cert.lv/uploads/**uploads/OpenLetter.pdf<https://cert.lv/uploads/uploads/OpenLetter.pdf> >> > >> >> And this actually wasn't the only or the first "incident" >> with Spamhaus. >> They also tried similer *piep*^Wbullying against NIC.at >> before. >> >> Which actually has discredited Spamhaus in my personal >> opinion for sure, >> for knowingly disregarding local law, but that's slightly >> OT here - but >> maybe not... >> >> > Erik Bais >> >> Wilfried. >> >> >> >> -- >> --srs (iPad) >> >> >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20130626/db06a2be/attachment.html>
- Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]