Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] New tool for C&C botnet detection



> ------------------------------
> 
> Message: 2
> Date: Tue, 26 Sep 2006 03:43:53 -0500 (CDT)
> From: Gadi Evron <ge@xxxxxxxxxxxx>
> Subject: [Full-disclosure] the anti botnet market for ISPs and corporate networks
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <Pine.LNX.4.21.0609260343180.28909-100000@xxxxxxxxxxxx>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> Is here. Several companies are rehearsing their old products and
> buzzwording them for DDoS mitigation or botnets, but not Trend Micro.
> 
> Trend Micro released a brand new product, implemented with the novel idea
> of utilizing DNS to detect bots on an ISP or corporate network.
> 
> Whether by massive requests for a C&C (bots phoning home) or massive
> requests for an MX record (spam bots), looking for negative caching (NX
> being cached (as the C&C is not there yet but requested) and beyond.
> It works. I don't know if that's what Trend Micro is doing, but it's one
> step in the right direction to better botnet detection and mitigation.
> 
> Larry Seltzer wrote a good article on it:
> http://www.eweek.com/article2/0,1759,2020286,00.asp
> 
> This idea has been explored before:
> 
> The Domain Name Service as an IDS - NANOG archives:
> http://www.irbs.net/internet/nanog/0602/0537.html
> and: http://blogs.securiteam.com/index.php/archives/321
> 
> The original paper can be found, here:
> http://staff.science.uva.nl/~delaat/snb-2005-2006/p12/report.pdf
> (these guys were cool enough to reference me, hehe)
> 
> Other papers were linked to from the above mentioned post.
> 
> This is pretty cool, and is worth a look. I guess we will find out what
> this commercialized technology is worth now that it is out of the
> home-grown/academic tools realm.
> 
>       Gadi.
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> End of Full-Disclosure Digest, Vol 19, Issue 43
> ***********************************************
> 
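The three DNS symptoms the quoted message lists (bots phoning home to one C&C name, spam bots resolving many MX records, and negative-cache churn from C&C names that are not registered yet) can be scored from plain resolver logs; the following is an added example written for this archive page, not code from Trend Micro's product or from the message's author. The log format, client addresses, domain names and thresholds are all constructed for the illustration.

```python
from collections import Counter, defaultdict
# Constructed sample resolver log (not from the page): client qname qtype rcode.
SAMPLE_LOG = """\
10.0.0.5 www.example.org A NOERROR
10.0.0.7 cc1.rendezvous.example A NXDOMAIN
10.0.0.7 cc2.rendezvous.example A NXDOMAIN
10.0.0.7 cc3.rendezvous.example A NXDOMAIN
10.0.0.7 www.example.org A NOERROR
10.0.0.9 example.com MX NOERROR
10.0.0.9 example.net MX NOERROR
10.0.0.9 example.org MX NOERROR
10.0.0.9 www.example.org A NOERROR
10.0.0.11 beacon.example.net A NOERROR
10.0.0.11 beacon.example.net A NOERROR
10.0.0.11 beacon.example.net A NOERROR
10.0.0.11 beacon.example.net A NOERROR
"""

def parse_log(text):
    """Yield (client, qname, qtype, rcode) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[0], parts[1].lower(), parts[2].upper(), parts[3].upper()

def score_clients(records, min_queries=3, nx_ratio=0.5, mx_ratio=0.5, repeats=4):
    """Map client -> matched symptoms: 'nxdomain', 'mx', 'repeat:<qname>'."""
    total, nx, mx = Counter(), Counter(), Counter()
    names = defaultdict(Counter)
    for client, qname, qtype, rcode in records:
        total[client] += 1
        nx[client] += rcode == "NXDOMAIN"  # negative caching: C&C name not registered yet
        mx[client] += qtype == "MX"        # spam bot resolving many mail exchangers
        names[client][qname] += 1          # bot repeatedly phoning home to one name
    flagged = {}
    for client, n in total.items():
        reasons = []
        if n >= min_queries and nx[client] / n >= nx_ratio:
            reasons.append("nxdomain")
        if n >= min_queries and mx[client] / n >= mx_ratio:
            reasons.append("mx")
        name, count = names[client].most_common(1)[0]
        if count >= repeats:
            reasons.append("repeat:" + name)
        if reasons:
            flagged[client] = reasons
    return flagged

if __name__ == "__main__":
    print(score_clients(parse_log(SAMPLE_LOG)))
```

Thresholds this low only make sense for a toy log; on a real resolver they are set per network from a baseline of normal NXDOMAIN and MX rates, and a legitimate mail server will trip the MX rule unless it is whitelisted.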



 




Copyright © Lexa Software, 1996-2009.