Re: Avalanche botnet takedown

2016-12-09 Thread Scott Weeks
I did some snippage, but I believe I kept to the idea. :: you seem to want various laws made to control it. > Yes. It's a global network. I want to say what country's laws, but see below. Also, if you want something to be broken beyond recognition get a government to regulate it.

Re: Avalanche botnet takedown

2016-12-09 Thread Ronald F. Guilmette
In message <20161201201124.982f2...@m0086238.ppops.net>, sur...@mauigateway.com wrote: >In message <20161201124527.9be45...@m0087798.ppops.net>, >sur...@mauigateway.com wrote: > >>What is your suggestion to keep the sky from falling? > >My full answer, if fully elaborated, would bore you and

Re: [nanog] Avalanche botnet takedown

2016-12-02 Thread Jason Hellenthal
If I could have it my way, I would say no gTLDs should be allowed to transmit any email messages whatsoever. And force them to either use something like sendgrid.com or to purchase a primary .com, .org, .net, .co.uk whatever etc. But that’s just me. It’s not a nice world but it is just the

Re: Avalanche botnet takedown

2016-12-02 Thread Rich Kulawiec
[ Reposted with proper Subject line. My apologies. Insufficient coffee. ] On Thu, Dec 01, 2016 at 03:01:50PM -0800, Ronald F. Guilmette wrote: > As you probably know Rich, that's not exactly a novel observation. Vixie > was already saying it a full six years ago, and things have only gotten >

Re: [nanog] Re: Avalanche botnet takedown

2016-12-02 Thread Hugo Salgado-Hernández
According to a 2015 paper, 85% of new gTLD domains were some form of parking, defensive redirect, unused, etc: Hugo On 15:02 01/12, J. Hellenthal wrote: > 99% ? That's a pretty high figure there. > > -- > Onward!, > Jason

Re: Avalanche botnet takedown

2016-12-02 Thread Tony Finch
Ronald F. Guilmette wrote: > > P.P.S. I love this part of the press release, because it is so telling: > > "The successful takedown of this server infrastructure was supported > by ... Registrar of Last Resort, ICANN..." Note that these are the names of two

Re: Avalanche botnet takedown

2016-12-01 Thread Scott Weeks
--- r...@tristatelogic.com wrote: From: "Ronald F. Guilmette" In message <20161201124527.9be45...@m0087798.ppops.net>, sur...@mauigateway.com wrote: >What is your suggestion to keep the sky from falling? My full answer, if fully elaborated, would bore you and

Re: Avalanche botnet takedown

2016-12-01 Thread Robert McKay
I'm just assuming this because it doesn't say anywhere, but given the context it seems likely to me that almost none of the 90 domains were actually registered. It sounds more likely that they figured out how the domain generation algorithm works and instructed the registries to block out

Re: Avalanche botnet takedown

2016-12-01 Thread Ronald F. Guilmette
In message <20161201205647.ga8...@gsp.org>, Rich Kulawiec wrote: >2. As an aside, I've been doing a little research project for a >few years, focused on domains. I've become convinced that *at least* >99% of domains belong to abusers: spammers, phishers, typosquatters, >malware

Re: Avalanche botnet takedown

2016-12-01 Thread Ronald F. Guilmette
In message <20161201124527.9be45...@m0087798.ppops.net>, sur...@mauigateway.com wrote: >What is your suggestion to keep the sky from falling? My full answer, if fully elaborated, would bore you and everybody else to tears, so I'll try to give you an abbreviated version. It seems to be that it

Re: Avalanche botnet takedown

2016-12-01 Thread Rich Kulawiec
On Thu, Dec 01, 2016 at 03:02:30PM -0600, J. Hellenthal wrote: > 99% ? That's a pretty high figure there. Yeah. I thought so too. For the first ten years. Now I think it's not nearly high enough. Let me give you three examples -- the three that happen to be occupying my attention at the

RE: Avalanche botnet takedown

2016-12-01 Thread Steve Mikulasik
, 2016 1:45 PM To: nanog@nanog.org Subject: Re: Avalanche botnet takedown --- r...@tristatelogic.com wrote: From: "Ronald F. Guilmette" <r...@tristatelogic.com> The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases. It is attacking

Re: Avalanche botnet takedown

2016-12-01 Thread Justin Paine via NANOG
straight from the horse's mouth -- they said "99.99% of the 900,000 domains" have been sinkholed. Justin Paine Head of Trust & Safety Cloudflare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D On Thu, Dec 1, 2016 at 1:02 PM, J. Hellenthal

Re: Avalanche botnet takedown

2016-12-01 Thread J. Hellenthal
99% ? That's a pretty high figure there. -- Onward!, Jason Hellenthal, Systems & Network Admin, Mobile: 0x9CA0BD58, JJH48-ARIN On Dec 1, 2016, at 14:56, Rich Kulawiec wrote: > On Thu, Dec 01, 2016 at 05:34:26PM -, John Levine wrote: > [...] 800,000 domain names used

Re: Avalanche botnet takedown

2016-12-01 Thread Rich Kulawiec
On Thu, Dec 01, 2016 at 05:34:26PM -, John Levine wrote: > [...] 800,000 domain names used to control it. 1. Which is why abusers are registrars' best customers and why (some) registrars work so very hard to support and shield them. 2. As an aside, I've been doing a little research project

Re: Avalanche botnet takedown

2016-12-01 Thread Scott Weeks
--- r...@tristatelogic.com wrote: From: "Ronald F. Guilmette" The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases. It is attacking itself. And its immune system, such as it is, clearly ain't working. There's going to come

Re: Avalanche botnet takedown

2016-12-01 Thread Paul Ferguson
> P.S. WTF is "double fast flux[tm]"? Double fast-flux is when not only the TTL is set very low on the A record(s), but also on the NS: https://en.wikipedia.org/wiki/Fast_flux - ferg > On Dec 1, 2016, at 12:38 PM, Ronald F. Guilmette > wrote: > > > In message

Re: Avalanche botnet takedown

2016-12-01 Thread Ronald F. Guilmette
In message <20161201173426.2861.qm...@ary.lan>, "John Levine" wrote: >More info here: > >https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation I'm always happy when even a small handful of miscreants are

Re: Avalanche botnet takedown

2016-12-01 Thread anthony kasza
From my understanding Avalanche wasn't a single botnet but was high availability infrastructure used by multiple different families/operators. -AK On Dec 1, 2016 10:37 AM, "John Levine" wrote: > Avalanche is a large nasty botnet, which was just disabled by a large >

Avalanche botnet takedown

2016-12-01 Thread John Levine
Avalanche is a large nasty botnet, which was just disabled by a large coordinated action by industry and law enforcement in multiple countries. It was a lot of work, involving among other things disabling or sinkholing 800,000 domain names used to control it. More info here: