Randy wrote:

<<snip>>
> "Fast-Flux", it's called. Who on this list is up to date on this? I
> would be interested in understanding this if this is what we have to
> fight.
> I have been asleep in this area. I'm googling now but links are welcomed!

Fast-flux is well over two years old and has been the source of a deal of trouble in the incident-response community because of the total lack of clue so many registrars have of this technique. Nuking a fluxing domain primarily depends on killing the domain(s) of the DNS, and getting (clueless) registrars to kill domains that appear to be (purely) for the provision of DNS services can be a real battle, even when the only domains being serviced by those DNS domains are domains in every URL blocklist.

Ohhhh, and it certainly hasn't been helped by _TOTALLY_ clueless moves such as ICANN's purely evil-assisting "domain tasting" idiocy...

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
