[Dshield] Question

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jan 25 20:10:58 GMT 2007


On Thu, 25 Jan 2007 14:25:39 EST, Glenn Jarvis said:
> I was wondering if someone could give me an accurate definition of the
> following statement that I've read.
> 
> "Who ever owns this site has chosen to hide their identity behind various
> internet doors."

Probably means that the true ownership is obfuscated, via means ranging from
bogus data in the domain registration, to registering it via one of the
registrars that won't divulge the ownership without a court order (which
I'm OK with, as long as they're willing to be a forwarding service for
"Hey, your DNS server is hosed up" type mail...), to having the site
registered in the name of a dummy corporation, to using fast-flux DNS
to point the site to an array of machines scattered across the world where
the ownership is difficult to determine (often with an added level of
obfuscation in that the target of the fast-flux pointer is one/more of
an army of zombies running a small webserver to serve up traffic), to
other even more nefarious means....
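
The fast-flux case mentioned in the reply above leaves a recognisable trace in resolution history: many answer addresses, spread over many networks, on short TTLs. The following is an added example, not part of the original post; the records are constructed, and the thresholds and the use of the leading 16 bits as a network proxy are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed passive-DNS style records: (name, answer IP, TTL in seconds).
# Names use the reserved .example TLD; addresses are private-range placeholders.
OBSERVATIONS = (
    [("shop.example", ip, 3600) for ip in ("10.1.1.10", "10.1.1.11", "10.1.1.10")]
    + [("cdn.example", ip, 60) for ip in (
        "10.20.0.1", "10.20.0.2", "10.20.1.3", "10.21.0.1", "10.21.0.2", "10.21.5.9")]
    + [("flux.example", ip, ttl) for ip, ttl in (
        ("10.31.4.7", 120), ("10.44.9.1", 120), ("10.58.2.3", 180),
        ("10.63.7.7", 60), ("10.77.1.5", 120), ("10.90.8.2", 120))]
)

def summarize(observations):
    """Per name: distinct answer IPs, distinct leading-16-bit networks, TTLs seen."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for name, ip, ttl in observations:
        entry = stats[name.lower().rstrip(".")]
        addr = ip_address(ip)               # raises ValueError on malformed input
        entry["ips"].add(addr)
        entry["nets"].add(addr.packed[:2])  # crude stand-in for an ASN lookup
        entry["ttls"].append(ttl)
    return stats

def flux_candidates(observations, min_ips=5, min_nets=3, max_ttl=300):
    """Names with many answers, spread over many networks, on short TTLs."""
    flagged = []
    for name, s in summarize(observations).items():
        median_ttl = sorted(s["ttls"])[len(s["ttls"]) // 2]
        if (len(s["ips"]) >= min_ips and len(s["nets"]) >= min_nets
                and median_ttl <= max_ttl):
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    for name, s in summarize(OBSERVATIONS).items():
        print(name, len(s["ips"]), "IPs in", len(s["nets"]), "networks")
    print("fast-flux candidates:", flux_candidates(OBSERVATIONS))
```

Counting networks is what keeps the low-TTL cdn.example record set out of the result; in practice an ASN lookup and an allow-list of known CDNs would replace the 16-bit prefix shortcut.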

