Date: Sat, 18 Feb 2006 22:18:41 +0200
From: Gadi Evron <ge@linuxbox.org.>
To: [email protected]
Subject: [operational update] Looking behind the smoke screen of the Internet
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by milter-greylist-1.7.5 (linuxbox.org [24.155.83.21]); Sat, 18 Feb 2006 14:20:05 -0600 (CST)
X-Virus-Scanned: antivirus-gw at tyumen.ru

In the following (quick & dirty) write-up (which is too big for sending
into bugtraq) I start by discussing some recent threats network
operators should be aware of, such as recursive DNS attacks.
Also, a bit on the state of the Internet, cooperation across different
fields and how these latest threats with DDoS also relate to worms and
bots, as well as spam, phishing and the immense ROI organized crime sees.
Then I try and bring some suggestions on what can be done better, and
where we as a community, as well as specifically where we, the "secret
hand-shake clubs" of Internet security, fail and succeed.
Over-secrecy, lack of cooperation, lack of public information, and not
being secret enough about what really matters.
On the surface you can read about the attacks: how domains are registered
with a name created by a specific algorithm to serve as a botnet command
and control server, while spammers use name servers other than their own
to spamvertise from and switch back, while the DNS RRs change IP
addresses every few minutes.
Below the surface you will have to see what you understand as I get
different responses from different people.
Looking behind the smoke screen of the Internet: DNS recursive attacks,
spamvertised domains, phishing, botnet C&C's, International
Infrastructure and you
The write-up can be found here:
http://blogs.securiteam.com/index.php/archives/298
Thanks,
Gadi Evron.
--
http://blogs.securiteam.com/
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.