On Thu, May 14, 2009 at 4:58 PM, Mark Andrews <[email protected]> wrote: >> If I were an ISP, and I knew that approximately 99.9% of customer >> queries to random name servers was malware doing fake site phishing or >> misconfigured PCs that will work OK and avoid a support call if they >> answer the DNS query, with 0.1% being old weenies like us, I'd do what >> Sprint's doing, too. > > And what's the next protocol that is going to be stomped on?
I was going to say, "will the ISP also remove the DNS MITM the day that 99.9% of malware moves its command-and-control to the HTTP or other layer?". I figured why bother - but your point drives it home even further. dre
