[nsp-sec] [SPAM] Re: [SPAM] rundll841.com wwwDOTwin496.com wwwDOTtag58.com err68.com and sysid72.com sqlinjection sites.
Stephen Gill
gillsr at cymru.com
Thu Jun 5 15:43:07 EDT 2008
We can either stop it at that time, or create a whitelist if manageable...
Bottom line, we want quality categories so if things get murky and difficult
to discern we can just stop it all together.
-- steve
On 6/5/08 12:35 PM, "John Kristoff" <jtk at ultradns.net> wrote:
> ----------- nsp-security Confidential --------
>
> On Wed, 04 Jun 2008 14:23:43 -0700
> Stephen Gill <gillsr at cymru.com> wrote:
>
>> We may have a fastflux feed available soon, so if there are any folks that
>> would like to contribute to it for the ASN Alerts, please let us know!
>
> Fair warning, while fast flux is largely and almost exclusively used
> by the miscreants, don't expect it to stay that way. It is potentially
> a useful technique for legitimate DNS-based operations.
>
> John
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
More information about the nsp-security
mailing list