Re: [Add] Malware quickly adopting DoH

Alec Muffett <alec.muffett@gmail.com> Tue, 10 September 2019 07:29 UTC

References: <34984ADC-C594-40AC-8540-2DDC6C5ACBC5@gmail.com>
In-Reply-To: <34984ADC-C594-40AC-8540-2DDC6C5ACBC5@gmail.com>
From: Alec Muffett <alec.muffett@gmail.com>
Date: Tue, 10 Sep 2019 08:29:15 +0100
Message-ID: <CAFWeb9+_jHJu8aoYpdm8nFZFOofDheETSwLiqMhdA0cpQzG9BA@mail.gmail.com>
To: Bret Jordan <jordan.ietf@gmail.com>
Cc: ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/tlKyay3JgaoCbuZABK5_zXv1dxQ>
Subject: Re: [Add] Malware quickly adopting DoH

On Mon, 9 Sep 2019, 22:16 Bret Jordan, <jordan.ietf@gmail.com> wrote:

> Just making sure people here have seen this..
>
>
> https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
>


One can only wonder how rapidly they adopted HTTPS to evade the "content
fingerprinting" of anti-malware in the late 90s and early 2000s, and how
the adoption curves compare?

Similarly for adopting Tor, also, of course.

And WebRTC and Skype.

Not to mention those clever malware authors who hardcode IP addresses -
that was a tremendous innovation in cyber badware.

Or were you suggesting that "innovation happens and bad people adopt it as
well as good" somehow constitutes an argument towards some end?

-a