Educause Security Discussion mailing list archives
Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's
From: Alan Whinery <whinery () HAWAII EDU>
Date: Mon, 20 Nov 2006 11:49:02 -1000
I have to say that Graham is right, except in his expectation that talking sense will avert a discussion.

With regard to legitimacy, I do not care. If somebody registers www.we11sfargo.com (those are numeral '1's) in order to steal my banking info, I don't care that the registration is "legitimate", which is so far meaningless in this context anyways, or whether my blocking it violates a law. I have been threatened with "litigation" or "the authorities" dozens of times over the last 15 years by various parties; all were empty threats. Our department has responded to subpoenas, so far in cases that we would have cooperated regardless of the subpoena. If someone makes the blocking of name resolutions illegal, I will still not care, until an appropriate court produces an appropriate piece of paper. And then my guess is that there's a good chance, especially if it regards international law, that the university advocate will blow his nose on it and throw it in the trash. (Our UH lawyer is a fine human being, and always treats all inquiries with careful attention and respect.)

We have now gone several days without a single x.hawaii.eu inquiry to our DNS servers, which kind of suggests that there isn't much of a crisis. Of course, the problem tends to be those problems that you can't predict, so I'm still in favor of blocking hawaii.eu with a false zone/SOA. Yes, it will not have an effect on anyone who's outside our DNS influence.

I will be deliriously happy to allow our users to reach hawaii.eu, should it ever provide some sort of content which they desire, then I will care about providing access to that content. But for the current affiliate/domain speculator placeholder page, they're just not going to care either. I also don't have any qualms about blocking every other .edu-like.eu affiliate/speculator placeholder page that I can find.

I would continue to allow http://www.juniata.eu/, because it looks like someone's actually developing a web presence there, and anyone who names a cat "Donut" is all right with me. Still, it could all be a front.

Sorry Graham. I'm probably just prolonging the agony.

Alan

Mclaughlin, Kevin L writes:
My point is, and will continue to be, that the EU domain is a legitimate European domain that is run and managed in Europe. EU is an actual extension just like .com, .org, .edu, etc. with over 2 million users, and since we don't have international domain law (to my knowledge) how is it our right to say whether other countries can use an extension or not? If I am living and working in Europe and want to use hawaii.eu why would hawaii.com or hawaii.org, or hawaii.edu have the right to deny me the right to do so? If hawaii.edu can deny my right to use hawaii.eu doesn't that mean I can also deny their right to use hawaii.edu or is it simply because they are North American based that gives them the right to say what names I can use for my .EU domains?
Graham Toal writes:

Let me try to stop this discussion spiralling out of control by going over the basics of this cooperative anarchy we call the internet.

1) NOTHING you (at xxx.edu) can do with your local DNS denies anyone at xxx.eu any rights. What you can do at best is deny your own users access to that domain. Assuming you have suitable permission within your own organisation, you have every right to do that. (I.e. you have captive users, you're not an ISP or a common carrier.) It does not matter whether the mechanism by which you do so is by redirecting their DNS names to a dead address, or by blocking their IPs with your firewalls - you're basically doing it *to yourself*.

2) If the person at xxx.eu has a legitimate site, you are merely being rude by blocking them but you are not doing anything illegal (IANALB); if their site is camping on a typo for click throughs, it's they who are being rude; however if they are redirecting things like ssh connections to a dummy server (or worse, a man in the middle) to gather passwords, you're not only within your rights to block them, as an ISO it would probably be a career limiting move if you didn't and later were hacked from a stolen password.

In summary, if it's your site that is fed by your DNS server and your users are under your control, then you could redirect any DNS name you like and you'd be within your rights to do what you like to your own system. It would only be a problem if you were providing public third-party DNS lookups (such as if you were an ISP) or if you were one of the root name servers (like when Verisign tried to capture *.com clicks with a wildcard record a couple of years back).

So please, no more arguments as to whether you are denying anyone in the eu their 'rights' because unless they are using your DNS servers you're not denying them squat.

Graham (EU citizen)
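One way to check resolver query logs for the lookalike lookups discussed in this thread (same name under a different TLD, or digits swapped for letters), as an added example that is not part of any list member's message. The log lines are constructed and modeled on BIND query logging; the protected-domain list and all function names are assumptions.

```python
import re
from collections import Counter

# Assumption: the domains this resolver's operators want to watch lookalikes of.
PROTECTED = {"hawaii.edu", "wellsfargo.com"}

# Digit-for-letter swaps of the kind in the thread's "we11sfargo" example.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

# BIND-style query log entry: "... query: <name> IN <type> ..."
QUERY_RE = re.compile(r"query: (\S+) IN (\S+)")

# Constructed sample input, not taken from any real server.
SAMPLE_LOG = [
    "20-Nov-2006 11:40:01.101 client 10.1.2.3#32768: query: www.hawaii.edu IN A +",
    "20-Nov-2006 11:40:02.214 client 10.1.2.9#32770: query: mail.hawaii.eu IN MX +",
    "20-Nov-2006 11:40:03.007 client 10.1.2.9#32771: query: www.hawaii.eu IN A +",
    "20-Nov-2006 11:40:04.650 client 10.1.4.7#32772: query: www.we11sfargo.com IN A +",
    "20-Nov-2006 11:40:05.332 client 10.1.4.8#32773: query: www.juniata.eu IN A +",
]

def registered(name):
    """Last two labels, lower-cased (adequate for two-label zones such as .edu/.eu/.com)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def classify(name):
    """Return (reason, queried_domain, protected_domain), or None if not a lookalike."""
    dom = registered(name)
    if dom is None or dom in PROTECTED:
        return None
    label, tld = dom.split(".")
    for protected in PROTECTED:
        p_label, p_tld = protected.split(".")
        if label == p_label and tld != p_tld:
            return ("same-label-other-tld", dom, protected)
        if label != p_label and label.translate(CONFUSABLES) == p_label:
            return ("digit-lookalike", dom, protected)
    return None

def scan(lines):
    """Count lookalike queries per (reason, queried_domain, protected_domain)."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        verdict = classify(m.group(1)) if m else None
        if verdict:
            hits[verdict] += 1
    return hits
```

A count of zero over several days of logs is the same observation reported above for x.hawaii.eu; a non-zero count shows which local clients are actually asking for the lookalike name.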