On Fri, Dec 11, 2009 at 8:29 PM, <[email protected]> wrote:

> On Fri, 11 Dec 2009 20:00:34 CST, RandallM said:
> > I am so sorry. I just don't understand this. Computer is infected. user has
> > DNS redirects to any and all sites for help. Why can't the good guys use some
> > type of fast flux or URL obfuscation to hide help standalone software to
> > download and use?
>
> Hint - if you can find it, or the good guys software can find it, the bad
> guys software can *also* find it and disable the queries.
>
> Sure, if www.mcafee.com is really 1234dd432423.wdfasdf241234edre.com, but
> only till midnight, then you need to look at 3343edrewerwer.13421343.com
> that's not going to help you get your machine disinfected, is it?
>
> Heck - the bad guys don't even need to know how it's generated - they can
> get a pretty good idea by just tapping into the DNS resolver library and
> looking for obfuscated names they don't fast-flux themselves. Just tossing
> out www.anything, mail.anything, and maybe 3-4 others, and you're looking
> at a pretty damned good filter for the good-guys fast-flux sites.
>

GAWD I hate it when you all "might be right". But I still believe 'cause I care.
-- been great, thanks a.k.a System
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
