[Dailydave] Beyond Fast Flux
Paul Ferguson
fergdawg at netzero.net
Fri Dec 14 21:44:30 EST 2007
-- Brandon Enright <bmenrigh at ucsd.edu> wrote:
>If you're going to attack something you should back your argument up
>with a little evidence. The C&C methods mentioned in the paper are:
>
>* IRC
>* HTTP to single server
>* Fast-Flux of DNS Servers
>* Storm P2P protocols
>* PINK
>
>About the only thing they missed was DHT, which is arguably covered by
>Storm.
>
>PINK is a good idea. If it really is light-years behind the criminals
>show us the papers, presentations, and discussions of more advanced C&C.
>If your argument is that PINK is primitive or that it won't work,
>respond with a paper, a countermeasure, or at the very least a detailed
>email of possible flaws in it. C'mon, Gadi, you know better.
>
What about Open DNS resolvers, using double-flux, combined with the
Storm Overnet?
:-)
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/