Educause Security Discussion mailing list archives
Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's
From: Graham Toal <gtoal () UTPA EDU>
Date: Mon, 20 Nov 2006 14:30:58 -0600
From: Mclaughlin, Kevin L (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU]
My point is, and will continue to be, that the EU domain is a legitimate European domain that is run and managed in Europe. EU is an actual extension just like .com, .org, .edu, etc. with over 2 million users, and since we don't have international domain law (to my knowledge) how is it our right to say whether other countries can use an extension or not? If I am living and working in Europe and want to use hawaii.eu why would hawaii.com or hawaii.org, or hawaii.edu have the right to Deny me the right to do so? If hawaii.edu can deny my right to use hawaii.eu doesn't that mean I can also deny their right to use hawaii.edu or is it simply because they are North American based that gives them the right to say what names I can use for my .EU domains?
Let me try to stop this discussion spiralling out of control by going over the basics of this cooperative anarchy we call the internet. 1) NOTHING you (at xxx.edu) can do with your local DNS denies anyone at xxx.eu any rights. What you can do at best is deny your own users access to that domain. Assuming you have suitable permission within your own organisation, you have every right to do that. (I.e. you have captive users, you're not an ISP or a common carrier) It does not matter whether the mechanism by which you do so is by redirecting their DNS names to a dead address, or by blocking their IPs with your firewalls - you're basically doing it *to yourself*. 2) If the person at xxx.eu has a legitimate site, you are merely being rude by blocking them but you are not doing anything illegal (IANALB); if their site is camping on a typo for click throughs, it's they who are being rude; however if they are redirecting things like ssh connections to a dummy server (or worse, a man in the middle) to gather passwords, you're not only within your rights to block them, as an ISO it would probably be a career limiting move if you didn't and later were hacked from a stolen password. In summary, if it's your site that is fed by your DNS server and your users are under your control, then you could redirect any DNS name you like and you'd be within your rights to do what you like to your own system. It would only be a problem if you were providing public third-party DNS lookups (such as if you were an ISP) or if you were one of the root name servers (like when verisign tried to capture *.com clicks with a wildcard record a couple of years back) So please, no more arguments as to whether you are denying anyone in the eu their 'rights' because unless they are using your DNS servers you're not denying them squat. Graham (EU citizen)
Current thread:
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's, (continued)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Gary Flynn (Nov 17)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Mclaughlin, Kevin L (mclaugkl) (Nov 17)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Valdis Kletnieks (Nov 17)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Steve Lovaas (Nov 17)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Alan Whinery (Nov 18)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Mclaughlin, Kevin L (mclaugkl) (Nov 20)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's John C. A. Bambenek (Nov 20)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Mclaughlin, Kevin L (mclaugkl) (Nov 20)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's John C. A. Bambenek (Nov 20)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Valdis Kletnieks (Nov 20)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Graham Toal (Nov 20)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Alan Whinery (Nov 20)
- Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's Mclaughlin, Kevin L (mclaugkl) (Nov 21)