[nsp-sec] FW: Storm worm changing DNS resolver settings on victim system

John Kristoff jtk at ultradns.net
Wed Mar 12 14:31:04 EDT 2008


On Wed, 12 Mar 2008 11:11:41 -0700
"Barry Greene (bgreene)" <bgreene at cisco.com> wrote:

> Our next response would be to block port 53 to any DNS server but our
> own servers (i.e. force customer to use the SP's infrastructure).

That is the consequence I had in mind.  Some already do this with
varying degrees of success and consequences.

> What
> would the next consequence be in the chain of consequences? Jump to a
> different port?

Difficult to say.  Would be hard for DNS to simply jump to another
port though.  Miscreants not relying on DNS in the traditional way.
There are alternatives to DNS of course.  Tunneling is also useful
for both good and bad.  There are also ways around these simplistic
filters.  Maybe they offload DNS queries and sell "MX lists" like
miscreants distribute and sell email lists now.  Feel free to move
this to -discuss.

John
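
Added example (not part of the original message): before enforcing the port 53 block discussed above, flow records can show which customers already send DNS to resolvers other than the SP's own, which is how a changed resolver setting appears on the wire. The flow record format, the resolver addresses and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the SP's own resolvers (documentation addresses, constructed).
SP_RESOLVERS = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "192.0.2.54/32")]

# Constructed flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2008-03-12T14:00:01 198.51.100.10 192.0.2.53 udp 53
2008-03-12T14:00:02 198.51.100.11 203.0.113.7 udp 53
2008-03-12T14:00:03 198.51.100.11 203.0.113.7 udp 53
2008-03-12T14:00:04 198.51.100.12 203.0.113.9 tcp 53
2008-03-12T14:00:05 198.51.100.12 203.0.113.9 tcp 443
2008-03-12T14:00:06 198.51.100.13 192.0.2.54 tcp 53
truncated line
"""

def is_sp_resolver(addr):
    return any(addr in net for net in SP_RESOLVERS)

def offnet_dns(flow_text):
    """Return {customer_ip: {resolver_ip: flow_count}} for port-53 flows
    whose destination is not one of the SP's resolvers."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = fields
        if proto not in ("udp", "tcp") or dport != "53":
            continue  # only the traffic the proposed filter would match
        try:
            ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparsable addresses
        if not is_sp_resolver(dst_ip):
            hits[src][dst] += 1
    return {s: dict(r) for s, r in hits.items()}

if __name__ == "__main__":
    for customer, resolvers in sorted(offnet_dns(SAMPLE_FLOWS).items()):
        print(customer, resolvers)
```

This only sees traffic on port 53, so DNS carried in a tunnel or moved off that port is outside what it reports.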


