Putting Some Circuit Breakers Into DNS to Protect the Net
CircleID (04/03/07) Auerbach, Karl
Smart criminals on the Internet are using viruses to take over computers and are then hiding the location of these computers and preventing the PCs from being shut down by rapidly changing the address data that domain names represent, moving the domain's control point from minute to minute. Changes to the address data normally take several months or longer to occur. But the criminals are quickly changing the DNS records in the authoritative servers for a given domain and then combining this technique with low time-to-live values on DNS information, which causes cached data to be eliminated quickly. In this manner, the criminals are protecting themselves by eliminating a potential audit trail. The criminals are using the same tactic on the name servers used for the domain, making it more difficult to come to grips with the attack. One potential solution to this problem offered by Karl Auerbach is an Internet "circuit breaker" that calls for domain names, such as example.com, to be removed from their zones, such as .com, during an emergency situation. This circuit breaker would prevent domains from being resolved and would prevent the quick shifting of A and NS records.
Source: ACM TechNews; Monday, April 9, 2007
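The rapid rotation of A and NS records under low time-to-live values described above leaves a recognizable pattern in passive-DNS data. The following is an added example, not code from the CircleID article or from ACM TechNews; the observation tuples, domain names, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (unix_time, domain, rtype, value, ttl).
OBSERVATIONS = [
    (0,   "flux.example",   "A",  "192.0.2.10",         120),
    (180, "flux.example",   "A",  "198.51.100.7",       120),
    (360, "flux.example",   "A",  "203.0.113.99",       120),
    (540, "flux.example",   "A",  "192.0.2.200",        120),
    (0,   "flux.example",   "NS", "ns1.a.example",      300),
    (400, "flux.example",   "NS", "ns7.b.example",      300),
    (700, "flux.example",   "NS", "ns3.c.example",      300),
    (0,   "stable.example", "A",  "192.0.2.55",         86400),
    (600, "stable.example", "A",  "192.0.2.55",         86400),
    (0,   "stable.example", "NS", "ns1.stable.example", 172800),
    (0,   "cdn.example",    "A",  "198.51.100.20",      60),
    (300, "cdn.example",    "A",  "198.51.100.21",      60),
]

# Assumed thresholds for illustration; tune against your own resolver data.
MAX_TTL = 300        # every record in the window must expire this fast
MIN_DISTINCT = 3     # distinct values needed before the churn counts
WINDOW = 3600        # seconds of observation considered together


def flux_candidates(observations, window=WINDOW):
    """Return {domain: [record types]} whose A or NS data churns with low TTLs."""
    seen = defaultdict(list)  # (domain, rtype) -> [(time, value, ttl)]
    for ts, domain, rtype, value, ttl in observations:
        if rtype in ("A", "NS"):
            seen[(domain, rtype)].append((ts, value, ttl))

    flagged = defaultdict(set)
    for (domain, rtype), rows in seen.items():
        rows.sort()
        # Slide a window that starts at each observation in turn.
        for i, (start, _, _) in enumerate(rows):
            in_win = [r for r in rows[i:] if r[0] - start <= window]
            values = {value for _, value, _ in in_win}
            low_ttl = max(ttl for _, _, ttl in in_win) <= MAX_TTL
            if len(values) >= MIN_DISTINCT and low_ttl:
                flagged[domain].add(rtype)
                break
    return {d: sorted(types) for d, types in flagged.items()}


if __name__ == "__main__":
    print(flux_candidates(OBSERVATIONS))
```

A low TTL alone is not flagged (the constructed `cdn.example` rows), since the signal is the combination of short-lived records and many distinct values, including on the NS set.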