Educause Security Discussion mailing list archives

Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's


From: Graham Toal <gtoal () UTPA EDU>
Date: Mon, 20 Nov 2006 14:30:58 -0600

From: Mclaughlin, Kevin L (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU] 

My point is, and will continue to be, that the EU domain is a
legitimate European domain that is run and managed in Europe.
EU is an actual extension just like .com, .org, .edu, etc.
with over 2 million users, and since we don't have
international domain law (to my knowledge), how is it our
right to say whether other countries can use an extension or
not? If I am living and working in Europe and want to use
hawaii.eu, why would hawaii.com or hawaii.org, or hawaii.edu
have the right to deny me the right to do so? If hawaii.edu
can deny my right to use hawaii.eu, doesn't that mean I can
also deny their right to use hawaii.edu, or is it simply
because they are North American based that gives them the
right to say what names I can use for my .EU domains?

Let me try to stop this discussion spiralling out of control
by going over the basics of this cooperative anarchy we call
the internet.

1) NOTHING you (at xxx.edu) can do with your local DNS denies
anyone at xxx.eu any rights.  What you can do at best is deny
your own users access to that domain.  Assuming you have suitable
permission within your own organisation, you have every right to
do that.  (I.e. you have captive users, you're not an ISP or
a common carrier)  It does not matter whether the mechanism by
which you do so is by redirecting their DNS names to a dead address,
or by blocking their IPs with your firewalls - you're basically
doing it *to yourself*.

2) If the person at xxx.eu has a legitimate site, you are merely
being rude by blocking them but you are not doing anything illegal
(IANALB); if their site is camping on a typo for click-throughs,
it's they who are being rude; however if they are redirecting things
like ssh connections to a dummy server (or worse, a man in the middle)
to gather passwords, you're not only within your rights to block them,
as an ISO it would probably be a career-limiting move if you didn't
and later were hacked from a stolen password.

In summary, if it's your site that is fed by your DNS server and your
users are under your control, then you could redirect any DNS name
you like and you'd be within your rights to do what you like to your
own system.

It would only be a problem if you were providing public third-party
DNS lookups (such as if you were an ISP) or if you were one of the
root name servers (like when VeriSign tried to capture *.com clicks
with a wildcard record a couple of years back).

So please, no more arguments as to whether you are denying anyone in
the EU their 'rights', because unless they are using your DNS servers
you're not denying them squat.


Graham (EU citizen)
