[dns-operations] Introducing DNSCrypt

Jothan Frakes jothan at gmail.com
Wed Dec 7 04:48:31 UTC 2011


Isn't that bot/c&c visibility just opaque on the local or other transport
nets? seems like Opendns or the server providing encrypted responses would
see it.

In fact, this might provide a cental resolver a mode complete picture of
bot/c&c activity levels, absent interventions.

It could even be said that this might improve detection of activity that
might otherwise be below an observeable threshold due to current
interventions.
On Dec 6, 2011 5:54 PM, "Dobbins, Roland" <rdobbins at arbor.net> wrote:

>
> On Dec 6, 2011, at 10:17 PM, David Ulevitch wrote:
>
> > The goal of DNSCrypt is to provide encryption of all DNS traffic between
> stubs and resolvers
>
> There's a very large opsec downside to this - namely, the loss of
> visibility into botnet C&C queries and DNS DDoS traffic.
>
> Folks who wish to encrypt their DNS queries can make use of existing
> encrypted VPN technologies.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>                The basis of optimism is sheer terror.
>
>                          -- Oscar Wilde
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20111206/19a51564/attachment.html>


More information about the dns-operations mailing list