Comment on Fastflux
- To: <fast-flux-initial-report@xxxxxxxxx>
- Subject: Comment on Fastflux
- From: "Suresh Ramasubramanian" <suresh@xxxxxxxxxx>
- Date: Sat, 14 Feb 2009 06:54:16 +0530
Fastflux in its few legitimate applications such as load balancing usually does
not share the characteristics of abusive fastflux -
1. It does not use thousands of hijacked hosts - an entire botnet - spread
across several continents
2. The reverse dns and such of IPs under full control of the provider concerned
have reverse dns and such properly set up, or at least IP ownership data
properly registered with each ISP they get IP space from - the IPs are not
hijacked PCs on broadband connections
3. They aren't based on throwaway domains with fake whois contacts (yes, I will
open that related and older can of worms here too) that are quite often bought
with stolen cards.
4. The vast majority of fastflux is used for criminal purposes, and is hosted
on illegally acquired (hijacked using viruses etc) hosts.
5. Registrars and coordinating them, registries, are the single point of
failure for a dns based fastflux or double fast flux (where the NS itself
fluxes, not just the A record of the host)
srs
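
An added example, not part of the original message: a Python sketch that scores DNS observations against points 1, 2 and 5 above (host count and geographic spread, registered IP ownership, and fluxing name servers). The record layout, names, documentation-range IPs and thresholds are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed observations: (name, record kind, IP, continent, registered owner).
# "A" = address of the host itself, "NS_A" = address of one of its name servers.
# All names and IPs (documentation ranges) are made up for this example.
LEGIT = [("www.cdn-example.test", "A", f"192.0.2.{i}", "NA" if i < 4 else "EU",
          "Example CDN Inc") for i in range(1, 7)]
LEGIT.append(("ns1.cdn-example.test", "NS_A", "192.0.2.53", "NA", "Example CDN Inc"))

ABUSIVE = [("login.throwaway-example.test", "A", f"198.51.100.{i}",
            ("NA", "EU", "AS", "SA")[i % 4], f"Broadband ISP {i % 9}")
           for i in range(1, 61)]
ABUSIVE += [("ns1.throwaway-example.test", "NS_A", f"203.0.113.{i}",
             ("EU", "AS", "AF")[i % 3], f"Broadband ISP {i % 7}")
            for i in range(1, 21)]


def flux_profile(observations, min_ips=20, min_continents=3, max_owners=3, min_ns_ips=5):
    """Summarise observations and apply assumed thresholds (tune on real data)."""
    ips, continents, owners = defaultdict(set), defaultdict(set), defaultdict(set)
    for _name, kind, ip, continent, owner in observations:
        ips[kind].add(ip)
        continents[kind].add(continent)
        owners[kind].add(owner)

    flags = {
        # Point 1: very many hosts, spread across several continents.
        "many_hosts": len(ips["A"]) >= min_ips,
        "multi_continent": len(continents["A"]) >= min_continents,
        # Point 2: IPs are not registered to one provider that controls them.
        "scattered_ownership": len(owners["A"]) > max_owners,
        # Point 5: the name servers' own addresses flux too (double flux).
        "ns_fluxing": len(ips["NS_A"]) >= min_ns_ips,
    }
    host_score = sum(flags[k] for k in ("many_hosts", "multi_continent", "scattered_ownership"))
    if host_score >= 2:
        verdict = "double-flux" if flags["ns_fluxing"] else "single-flux"
    else:
        verdict = "not flux-like"
    return {"a_ips": len(ips["A"]), "ns_ips": len(ips["NS_A"]), "flags": flags,
            "verdict": verdict}


if __name__ == "__main__":
    for label, obs in (("legit", LEGIT), ("abusive", ABUSIVE)):
        print(label, flux_profile(obs))
```

Point 3 (throwaway domains with fake whois contacts) needs registration data and is not covered by this sketch.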