[dns-operations] MX record scanning

"José A. Domínguez" jd at network-services.uoregon.edu
Wed May 11 19:53:45 UTC 2011


On 05/11/2011 12:27 PM, Gilles Massen wrote:
> 
> Why has there to be an entity "in charge"? From an operational point of
> view the CERT to whom you are affiliated would seem the right choice. It
> might not have the resources to handle it, but should have the contacts to
> forward it to a useful place (cf. the email from Tim, Team Cymru). From an
> idealistic point I'd rather have law enforcement track down the
> spammers....that is the *only* effective manner.
> 
> But the point I'm trying to make is that this is not a specific DNS
> problem: DNS is one little helper in the chain. At the end of the day, the
> bot is sending a spam email and will get caught by a spamtrap. Like the
> others that are not working on a poisoned list.
> 

I agree with your statements right now. One thing that we should try to
get is forensics in some of the machines doing this query so we can figure
out which botnet (or botnets) we are dealing with and whether it is just
a new service on top of some well-known botnets.

José.
