Is here. Several companies are rehearsing their old products and
buzzwording them for DDoS mitigation or botnets, but not Trend Micro.
Trend Micro released a brand new product, implemented with the novel idea
of utilizing DNS to detect bots on an ISP or corporate network.
Whether by massive requests for a C&C (bots phoning home) or massive
requests for an MX record (spam bots), looking for negative caching (NX
being cached (as the C&C is not there yet but requested) and beyond.
It works. I don't know if that's what Trend Micro is doing, but it's one
step in the right direction to better botnet detection and mitigation.
Larry Seltzer wrote a good article on it:
This idea has been explored before:
The Domain Name Service as an IDS - NANOG archives:
My poor choice of subject lines with quoting the paper's name
("IDS) rather than saying "better utilizing DNS to detect infeted hosts
and kill C&C's" got me a lot of flames on being off topic. It also got me
a warning on DNS being off-topic, which was withdrawn on-list.
The original paper can be found, here:
(these guys were cool enough to reference me, hehe)
Other papers were linked to from the above mentioned post.
This is pretty cool, and is worth a look. I guess we will find out what
this commercialized technology is worth now that it is out of the
home-grown/academic tools realm.