I did say fast flux. Take down one compromised vm in a cheap datacenter somewhere and it pops up on some random company's exposed file and print server somewhere else.

On Jun 26, 2013 8:49 PM, "Frank Gadegast" <ripe-anti-spam-wg@powerweb.de> wrote:
Suresh Ramasubramanian wrote:
Consider, if you will, a domain that has absolutely no "content", but is
the command and control for a fast flux botnet.  Which has been the case
with both the latvian as well as austrian cctld cases.

Same thing.
The controllers must run on a server with an IP address;
destroy these servers.

The domain name is just a name; it's the hostnames in the domain's
nameserver pointing to an IP and a server with whatever service
running under that IP.
It's likely that the botnet owner uses another domain name
if you remove it.

Botnet owners aren't stupid.


Kind regards, Frank


On Jun 26, 2013 7:52 PM, "Frank Gadegast" <ripe-anti-spam-wg@powerweb.de> wrote:

    Suresh Ramasubramanian wrote:

    Just want to note that domain names themselves can't be
    dangerous (of course using a similar name could cause
    problems with trademarks and the like).

    It's only the content that's dangerous, email or webpage.
    So it's more a problem of the people running the services,
    and these are either hacked sites or ISPs tolerating
    or deliberately hosting this content.

    Asking a TLD registry to remove domain names because
    of phishing is then somehow the wrong place to start,
    especially for Spamhaus; they should know better and
    simply place all those IPs on their lists ...


    BTW:
    just found the service "Google Safe Browsing Alerts
    for Network Administrators" where every AS owner can
    register under
    http://www.google.com/safebrowsing/alerts/
    to receive notifications about doubtful content
    Google might find when spidering your network.

    This could be pretty useful to remove phishing
    and hacked sites pretty quickly.



    Kind regards, Frank

        There are of course multiple sides to that story as well.

        Like a massive infestation of rock phish domains which, too, were
        knowingly disregarding local law, and were present in rather massive
        quantities on the .at ccTLD at that time.

        http://www.spamhaus.org/organization/statement/7/

        --srs

        On Wednesday, June 26, 2013, Wilfried Woeber wrote:

             Erik Bais wrote:
             [...]
              > For those that want to read up on what actually happened on that
              > specific incident in Latvia (July/August 2010), have a read on the
              > following open letter from CERT.lv
              >
              > https://cert.lv/uploads/uploads/OpenLetter.pdf

             And this actually wasn't the only or the first "incident"
             with Spamhaus.
             They also tried similar *piep*^Wbullying against NIC.at before.

             Which actually has discredited Spamhaus in my personal
             opinion for sure, for knowingly disregarding local law,
             but that's slightly OT here - but maybe not...

              > Erik Bais

             Wilfried.



        --
        --srs (iPad)
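The fast-flux behaviour Suresh describes at the top of the thread (a C2 name that keeps resolving to fresh hosts in unrelated networks as each one is taken down, which is why removing single servers does not help) is visible in resolver or passive-DNS logs. The following is an added example, not code posted by anyone in the thread: the observation tuples use RFC 5737 documentation addresses and constructed names, and the thresholds and the /16 grouping are assumptions a defender would tune (grouping by origin AS is the usual choice when ASN data is available).

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed passive-DNS style observations: (unix_ts, qname, answer_ip, ttl).
# RFC 5737 documentation ranges only; none of these are real indicators.
OBSERVATIONS = [
    (1000, "c2.example.net", "203.0.113.5", 300),
    (1300, "c2.example.net", "198.51.100.77", 300),
    (1600, "c2.example.net", "192.0.2.18", 300),
    (1900, "c2.example.net", "203.0.113.200", 300),
    (2200, "c2.example.net", "198.51.100.9", 300),
    (1000, "www.example.org", "192.0.2.44", 86400),
    (4000, "www.example.org", "192.0.2.44", 86400),
    (1000, "cdn.example.com", "192.0.2.1", 60),  # low TTL alone is not flux
    (1060, "cdn.example.com", "192.0.2.2", 60),
    (1120, "cdn.example.com", "192.0.2.3", 60),
]


def summarize(observations):
    """Per name: distinct answer IPs, distinct /16s they fall in, largest TTL.

    /16 is an assumed stand-in for "different network"; with ASN data you
    would group by origin AS instead.
    """
    per_name = defaultdict(list)
    for ts, name, ip, ttl in observations:
        per_name[name].append((ts, ip, ttl))
    stats = {}
    for name, recs in per_name.items():
        ips = {ip for _, ip, _ in recs}
        nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
        stats[name] = {
            "distinct_ips": len(ips),
            "distinct_nets": len(nets),
            "max_ttl": max(ttl for _, _, ttl in recs),
        }
    return stats


def is_fast_flux(s, min_ips=5, min_nets=3, max_ttl=900):
    """Assumed thresholds: many IPs, spread over several networks, short TTL."""
    return (s["distinct_ips"] >= min_ips and s["distinct_nets"] >= min_nets
            and s["max_ttl"] <= max_ttl)


def flag_fast_flux(observations):
    """Names that meet all three criteria; a CDN with rotating low-TTL
    answers inside one network is deliberately not flagged."""
    return sorted(n for n, s in summarize(observations).items() if is_fast_flux(s))


if __name__ == "__main__":
    print(flag_fast_flux(OBSERVATIONS))  # ['c2.example.net']
```

Feeding real resolver logs into `OBSERVATIONS` lets the same check run over a day of traffic; the flagged names are the ones worth blocking at the resolver rather than chasing host by host.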