Tuesday, April 03, 2007

Putting Some Circuit Breakers Into DNS to Protect The Net

Karl Auerbach writes on CircleID:

There are a lot of bad, but smart, people out there on the net.

They are quick to find and capitalize on vulnerabilities, particularly those vulnerabilities in mass market software.

These bad folks are quite creative when it comes to making it hard to locate and shut down the computers involved.

For example, a virus that takes over a victim’s computer might communicate with its control point, or send its captured/stolen information, by looking up a domain name. Normally domain names are somewhat static - the addresses they map to don’t change very frequently - typically changes occur over periods measured in months or longer.

What the bad folks are doing is to change the meaning of those domain names very rapidly, from minute to minute, thus shifting the control point. They rapidly change the contents of DNS records in the authoritative servers for that domain. They couple this with low TTL (time-to-live) values on DNS information, thus preventing cached information from surviving very long and thus erasing one source of audit trails and covering their tracks.

More here.
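The behaviour Auerbach describes (authoritative records rewritten minute to minute, with TTLs too short for caches to keep a trail) is what resolver-side detection has to key on. The following is an added example, not code from the CircleID article or from this blog: it summarises a log of resolver answers per name and flags those that combine a short TTL with a high rate of answer-set change across many distinct addresses. The `Observation` type, the thresholds in `is_fast_flux`, and the three sample domains (built from RFC 5737 documentation addresses) are assumptions constructed for the example, not captured data.

```python
"""Flag names whose resolution history looks like fast flux.

Added example, not part of the original article. The observation
records below are constructed; the thresholds are illustrative.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Observation:
    ts: int             # seconds since epoch when the answer was seen
    name: str           # queried domain name
    addrs: frozenset    # A records present in that answer
    ttl: int            # TTL carried on the answer


def flux_score(obs: Iterable[Observation]) -> Dict[str, dict]:
    """Per-name summary: lowest TTL seen, distinct addresses, number of
    times the answer set changed between consecutive observations, and
    that change count normalised to changes per hour."""
    by_name = defaultdict(list)
    for o in obs:
        by_name[o.name].append(o)

    out = {}
    for name, rows in by_name.items():
        rows.sort(key=lambda r: r.ts)
        distinct = set()
        changes = 0
        prev = None
        for r in rows:
            distinct |= r.addrs
            if prev is not None and r.addrs != prev:
                changes += 1
            prev = r.addrs
        span = max(rows[-1].ts - rows[0].ts, 1)   # avoid /0 on a single sample
        out[name] = {
            "min_ttl": min(r.ttl for r in rows),
            "distinct_addrs": len(distinct),
            "changes": changes,
            "changes_per_hour": changes * 3600 / span,
        }
    return out


def is_fast_flux(summary: dict, max_ttl: int = 300,
                 min_changes_per_hour: float = 6,
                 min_distinct: int = 5) -> bool:
    """All three signals must fire. A short TTL alone is what CDNs and
    load balancers also use, so it is never sufficient on its own."""
    return (summary["min_ttl"] <= max_ttl
            and summary["changes_per_hour"] >= min_changes_per_hour
            and summary["distinct_addrs"] >= min_distinct)


def classify(obs: Iterable[Observation]) -> Dict[str, bool]:
    return {name: is_fast_flux(s) for name, s in flux_score(obs).items()}


def constructed_sample() -> List[Observation]:
    """Constructed observations, not real resolver output."""
    rows = []
    # static.example: one address, day-long TTL, seen every 30 min for two hours
    for i in range(5):
        rows.append(Observation(i * 1800, "static.example",
                                frozenset({"203.0.113.10"}), 86400))
    # cdn.example: 30 s TTL but only two addresses, alternating every 5 min
    for i in range(13):
        rows.append(Observation(i * 300, "cdn.example",
                                frozenset({f"203.0.113.{20 + (i % 2)}"}), 30))
    # flux.example: 60 s TTL and a fresh pair of addresses in every answer
    for i in range(13):
        rows.append(Observation(i * 300, "flux.example",
                                frozenset({f"192.0.2.{i + 1}",
                                           f"198.51.100.{i + 1}"}), 60))
    return rows


SAMPLE = constructed_sample()

if __name__ == "__main__":
    for name, summary in flux_score(SAMPLE).items():
        print(name, summary, "FLUX" if is_fast_flux(summary) else "ok")
```

The point of the `cdn.example` case is the caveat: it changes answers as often as the flux domain and carries an even shorter TTL, yet is not flagged because it cycles through only two addresses. Any "circuit breaker" built on TTL or churn alone would trip on ordinary content-delivery and load-balanced names; the distinct-address count is what separates a rented botnet of proxies from a small server pool.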
