Re: [Add] [EXTERNAL] Re: DNS visibility, malware C&C, exfiltration, etc.

"Winfield, Alister" <Alister.Winfield@sky.uk> Thu, 30 May 2019 09:14 UTC

From: "Winfield, Alister" <Alister.Winfield@sky.uk>
To: Tom Ritter <tom@ritter.vg>, Brian Dickson <brian.peter.dickson@gmail.com>
CC: "add@ietf.org" <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/_pDyNGEYO2YVOn4L60uMJDO8UHw>
List-Id: Applications Doing DNS <add.ietf.org>

On 29/05/2019, 22:03, "Add on behalf of Tom Ritter" <add-bounces@ietf.org on behalf of tom@ritter.vg> wrote:

    On Wed, 29 May 2019 at 20:43, Brian Dickson
    <brian.peter.dickson@gmail.com> wrote:
    > admin-only enabling of DoH/DoT (which can be a policy pushed to managed systems)
    > a hardcoded TRR list for DoH/DoT

    Sure; I think these are perfectly reasonable enterprise policies to support.


I think they are similar to what many households want too.

Alister Winfield.


