This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Thu Jun 27 16:50:48 CEST 2013
Suresh Ramasubramanian wrote: > On Thursday, June 27, 2013, Frank Gadegast wrote: > > Any nameserver has to be registered with the registry of the domain > (is there another way DNS works, I dont know ?) > > So: you can always find the server running the nameserver for that > domain. > Take this server down. > > > for fastflux, take it down and theres a fresh ns real soon. then what? The botnet has usually one domain wired into the bot. This domain "a" is running on a nameserver. The bot is asking the nameserver (wich isnt changed by the botnet owner) for a second domain "b" (wich might not be registrered at all, but configured) running fastflux for the IP of its control servers. But: you can find the domain "a" by reverse engeneering the bot. Find the nameservers for "a" and your done. And if the bot is doing only single fastflux, the botnet owner HAS to update the domain at the registry, makes it even easier. Take the first nameservers down, wait for the update at the registry, take the next two nameservers down aso until there is none left. Complaining about Registries isnt the right start, even if it would make things easy. Domains could change, even complaining about the nameservers on hacked servers isnt the right start (probably because they are hosted in countries where you have no chance to to find a legal argument to take them down). I would even argue that not only the domainname cannot harm anybody, the nameservers arent doing that too. A nameservice itself isnt something illegal even if it resolves IPs for a botnet (except it resides on a hacked und misused server and if that is illegal in the country where it resides). They are both only part of a system. The harmfull parts are the bots and the intruded and misused servers, if you delete the domainname, they are all still floating about and will be soon part of the next botnet ... I personally would start at the other end and force Microsoft legally to only have PCs connected to the Internet that have an AntiVirus solution installed and running ... But then you have the antitrust agencies arguing that Microsoft is not allowed to install a antivirus solutions because it wouldnt be that nice to their competitors ... And surely have laws in all countries to forbid to run servers delivering malware and force the ISPs to remove them after knowledge ... Kind regards, Frank > > Lets say somebodies name is "John Doo". The name itself cannot > harm anybody, the person "named" John Doo can. > > > headdesk. > > > > -- > --srs (iPad)
- Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]