Putting Some Circuit Breakers Into DNS to Protect The Net by Karl Auerbach
… For example, a virus that takes over a victim’s computer might communicate with its control point, or send its captured/stolen information, by looking up a domain name. Normally domain names are somewhat static – the addresses they map to don’t change very frequently – typically changes occur over periods measured in months or longer. What the bad folks are doing is to change the meaning of those domain names very rapidly, from minute to minute, thus shifting the control point. They rapidly change the contents of DNS records in the authoritative servers for that domain. They couple this with low TTL (time-to-live) values on DNS information, thus preventing cached information from surviving very long and thus erasing one source of audit trails and covering their tracks.
http://www.circleid.com/posts/circuit_breakers_dns_protect/
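Short TTLs empty the caches, but a resolver that logs the answers it hands out keeps the history the excerpt says is lost. The sketch below is an added example, not code from Auerbach's article: it flags names whose low-TTL A records rotate through many addresses inside a short window. The record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (unix_time, qname, ttl_seconds, a_record).
# Addresses come from the documentation ranges; none are real indicators.
SAMPLE = [
    (1000, "www.example.org", 86400, "192.0.2.10"),
    (4600, "www.example.org", 86400, "192.0.2.10"),
    (1000, "cdn.example.net", 30, "198.51.100.1"),
    (1040, "cdn.example.net", 30, "198.51.100.2"),
    (1080, "cdn.example.net", 30, "198.51.100.1"),
    (1000, "flux.example.com", 60, "203.0.113.11"),
    (1060, "flux.example.com", 60, "203.0.113.12"),
    (1120, "flux.example.com", 60, "203.0.113.13"),
    (1180, "Flux.Example.com.", 60, "203.0.113.14"),
    (1240, "flux.example.com", 60, "203.0.113.15"),
]


def flag_fast_flux(records, window=600, max_ttl=300, min_ips=4):
    """Return {name: sorted IPs} for names that show at least `min_ips`
    distinct addresses, all with TTL <= `max_ttl`, within `window` seconds."""
    by_name = defaultdict(list)
    for ts, name, ttl, ip in records:
        # DNS names are case-insensitive; drop the trailing root dot too.
        by_name[name.lower().rstrip(".")].append((ts, ttl, ip))

    flagged = {}
    for name, obs in by_name.items():
        obs.sort()
        start = 0
        for end in range(len(obs)):
            # Slide the left edge so the span never exceeds the window.
            while obs[end][0] - obs[start][0] > window:
                start += 1
            span = obs[start:end + 1]
            ips = {ip for _, _, ip in span}
            low_ttl = all(ttl <= max_ttl for _, ttl, _ in span)
            if low_ttl and len(ips) >= min_ips:
                if len(ips) > len(flagged.get(name, ())):
                    flagged[name] = ips
    return {name: sorted(ips) for name, ips in flagged.items()}


if __name__ == "__main__":
    for name, ips in flag_fast_flux(SAMPLE).items():
        print(f"{name}: {len(ips)} addresses in one window -> {ips}")
```

Load balancers and content delivery networks also publish low TTLs, so the thresholds need tuning against a site's own baseline before a hit is treated as more than a lead.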