incrediBILL - 11:14 pm on May 5, 2008 (gmt 0)

Are you proposing a whitelist of DNS servers or a blacklist?

I'm proposing to blacklist just the small list of "FREE" subdomain dynamic DNS accounts, a very small subset of DNS servers, should be blacklisted.

They add no value and support the latest rampage of 3 separate botnets.

This would have no impact on %99.999999999999999 of the websites out there using dynamic DNS unless it was the free accounts.

because the bots can act as DNS servers

That doesn't work because shutting down a bot DNS server knocks the network offline.

You have to read the white papers on how these particular bots work to understand how my suggestion takes over 500K machines out of a botnet right away.

I'm not discussing all possible scenarios, don't care about those, we have a current threat that when combined controls a minimum of 500K machines and knocking all those spamming machines offline, offline as far as the botnet is concerned, is quite simple for this round of botnet blocking.

FYI, this isn't rocket science as I can block the small list of dynamic DNS servers from my home router to make sure none of my machines are on the botnet, so I'm sure it can be done at a higher level.

[edited by: incrediBILL at 11:25 pm (utc) on May 5, 2008]