[Dailydave] Beyond Fast Flux
Brandon Enright
bmenrigh at ucsd.edu
Fri Dec 14 20:58:40 EST 2007
On Fri, 14 Dec 2007 13:03:56 -0600 (CST)
Gadi Evron <ge at linuxbox.org> wrote:
> On Fri, 14 Dec 2007, Dave Aitel wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > http://www.immunityinc.com/resources-papers.shtml
> >
> > Immunity has released a presentation regarding CANVAS's
> > next-generation client-side attack framework available at the above
> > URL.
>
> Good work and interesting presentation, however, you guys should
> consider clueing up on what's out there before you make assumptions,
> as your C&C ideas, although neat, are light-years behind the
> criminals.
>
> Which side of the fence are you on again?
>
> Gadi.

Gadi,

If you're going to attack something you should back your argument up
with a little evidence. The C&C methods mentioned in the paper are:

* IRC
* HTTP to single server
* Fast-Flux of DNS Servers
* Storm P2P protocols
* PINK

About the only thing they missed was DHT, which is arguably covered by
Storm.

PINK is a good idea. If it really is light-years behind the criminals,
show us the papers, presentations, and discussions of more advanced C&C.
If your argument is that PINK is primitive or that it won't work,
respond with a paper, a countermeasure, or at the very least a detailed
email of possible flaws in it. C'mon, Gadi, you know better.

Brandon