Usually one domain..?  More often than not, a domain generation algorithm with lots more than just one<div><br></div><div>Beyond that, please do some more research.<span></span><br><br>On Thursday, June 27, 2013, Frank Gadegast  wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Suresh Ramasubramanian wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Thursday, June 27, 2013, Frank Gadegast wrote:<br>
<br>
    Any nameserver has to be registered with the registry of the domain<br>
    (is there another way DNS works, I dont know ?)<br>
<br>
    So: you can always find the server running the nameserver for that<br>
    domain.<br>
    Take this server down.<br>
<br>
<br>
for fastflux, take it down and theres a fresh ns real soon. then what?<br>
</blockquote>
<br>
The botnet has usually one domain wired into the bot.<br>
This domain &quot;a&quot; is running on a nameserver.<br>
The bot is asking the nameserver (wich isnt changed by the botnet owner)<br>
for a second domain &quot;b&quot; (wich might not be registrered at all, but<br>
configured) running fastflux for the IP of its control<br>
servers.<br>
<br>
But: you can find the domain &quot;a&quot; by reverse engeneering the bot.<br>
Find the nameservers for &quot;a&quot; and your done.<br>
<br>
And if the bot is doing only single fastflux, the botnet owner<br>
HAS to update the domain at the registry, makes it even<br>
easier. Take the first nameservers down, wait for the update<br>
at the registry, take the next two nameservers down aso<br>
until there is none left.<br>
Complaining about Registries isnt the right start, even if it<br>
would make things easy. Domains could change, even complaining about<br>
the nameservers on hacked servers isnt the right start (probably<br>
because they are hosted in countries where you have no chance to<br>
to find a legal argument to take them down).<br>
<br>
I would even argue that not only the domainname cannot harm<br>
anybody, the nameservers arent doing that too.<br>
A nameservice itself isnt something illegal even if it resolves<br>
IPs for a botnet (except it resides on a hacked und misused<br>
server and if that is illegal in the country where it resides).<br>
They are both only part of a system.<br>
<br>
The harmfull parts are the bots and the intruded and misused<br>
servers, if you delete the domainname, they are all<br>
still floating about and will be soon part of the next botnet ...<br>
<br>
<br>
I personally would start at the other end and force Microsoft<br>
legally to only have PCs connected to the Internet that<br>
have an AntiVirus solution installed and running ...<br>
<br>
But then you have the antitrust agencies arguing<br>
that Microsoft is not allowed to install a antivirus<br>
solutions because it wouldnt be that nice to their<br>
competitors ...<br>
<br>
And surely have laws in all countries to forbid<br>
to run servers delivering malware and force the ISPs<br>
to remove them after knowledge ...<br>
<br>
<br>
Kind regards, Frank<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
    Lets say somebodies name is &quot;John Doo&quot;. The name itself cannot<br>
    harm anybody, the person &quot;named&quot; John Doo can.<br>
<br>
<br>
    headdesk.<br>
<br>
<br>
<br>
--<br>
--srs (iPad)<br>
</blockquote>
<br>
<br>
</blockquote></div><br><br>-- <br>--srs (iPad)<br>