Hi Benoit,<br><br><div class="gmail_quote">On Thu, Feb 26, 2009 at 11:44, Benoit Panizzon <span dir="ltr">&lt;benoit.panizzon@imp.ch&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
In the last few days I observer strange virus DNS behaviour... </blockquote><div><br>Its a double-fast-flux network:<br><a href="http://en.wikipedia.org/wiki/Fast_flux#Single-flux_and_double-flux">http://en.wikipedia.org/wiki/Fast_flux#Single-flux_and_double-flux</a><br>
</div></div><a href="http://spamtrackers.eu/wiki/index.php?title=Fast-flux#How_to_shut-down_a_fast-flux_domain">http://spamtrackers.eu/wiki/index.php?title=Fast-flux#How_to_shut-down_a_fast-flux_domain</a><br><a href="http://dnsbl.abuse.ch/fastfluxtracker.php">http://dnsbl.abuse.ch/fastfluxtracker.php</a><br clear="all">
<br>Jeroens answer is probably the easiest to implement.<br><br>-Aarno<br>-- <br>Aarno Aukia<br>ETH Zurich / Atrila GmbH<br>+41764000464<br>