[gnso-ff-pdp-may08] http://isc.sans.org/diary.html?storyid=4840 and Fastflux

[Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>]

For those who haven't seen it, I'd urge you read the ISC handlers 
diary article... nice practical example of why we need a scalable
solution for handling fastflux domains. :-;

Regards,

Joe

article snippet follows...

"Cleanup in isle 3 please. Asprox lying around"
http://isc.sans.org/diary.html?storyid=4840
Last Updated: 2008-08-07 14:43:56 UTC
by Mark Hofman (Version: 1)

"Whilst looking for something completely different I came across our old 
friend ASPROX See previous diary [link] from Marc

"It seems that a lot of the domains used by this are still or again 
active.  Typically using FAST FLUX. [emphasis added]  [snip]

"Doing a quick search using our friend Google I ended up with 1,470,000 
sites that are currently infected."  [article continues, including
describing how to identify infected pages at your own site]