nanog mailing list archives
ICANN opens up Pandora's Box of new TLDs
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Fri, 27 Jun 2008 22:27:12 -0700
I just know who should be held for further processing @ the gate. Which is good enough, in this case.

"What is the object of defense? Preservation. It is easier to hold ground than take it. . . defense is the stronger form of waging war"
Carl Von Clausewitz
-----Original Message-----
From: Gadi Evron [mailto:ge () linuxbox org]
Sent: Friday, June 27, 2008 8:33 PM
To: Tomas L. Byrnes
Cc: Christopher Morrow; Roger Marquis; nanog () nanog org
Subject: RE: ICANN opens up Pandora's Box of new TLDs

On Fri, 27 Jun 2008, Tomas L. Byrnes wrote:
> These issues are not separate and distinct, but rather related.
>
> A graduated level of analysis of membership in any of the sets of:
>
> 1: Recently registered domain.
> 2: Short TTL
> 3: Appearance in DShield, Shadowserver, Cyber-TA and other sensor lists.
> 4: Invalid/Non-responsive RP info in Whois
>
> Create a pretty good profile of someone you probably don't want to accept traffic from.
>
> Conflation is bad, recognizing that each metric has value, and some correlation of membership in more than one set has even more value, as indicating a likely criminal node, is good.
>
> YMMV.
>
> I guess, if you have perfect malware signatures, code with no errors, and vigilance the Marines on the wire @ gitmo would envy, you can accept traffic from everywhere.

Not quite, because you still won't know who to send the Marines to kill. The Internet is perfect for plausible deniability.

Gadi.

> -----Original Message-----
> From: Christopher Morrow [mailto:morrowc.lists () gmail com]
> Sent: Friday, June 27, 2008 7:23 PM
> To: Roger Marquis
> Cc: nanog () nanog org
> Subject: Re: ICANN opens up Pandora's Box of new TLDs
>
> On Fri, Jun 27, 2008 at 4:32 PM, Roger Marquis <marquis () roble com> wrote:
> > Phil Regnauld wrote:
> > apply even cursory tests for domain name validity. Phishers and spammers will have a field day with the inevitable namespace collisions. It is, however, unfortunately consistent with ICANN's inability to address other security issues such as fastflush DNS, domain tasting (botnets), and requiring valid domain contacts.
>
> Please do not conflate:
>
> 1) Fast flux
> 2) Botnets
> 3) Domain tasting
> 4) valid contact info
>
> These are separate and distinct issues...
>
> I'd point out that FastFlux is actually sort of how Akamai does its job (inconsistent dns responses), Double-Flux (at least the traditional DF) isn't though certainly Akamai COULD do something similar to Double-Flux (and arguably does with some bits their services). The particular form 'Double-Flux' is certainly troublesome, but arguably TOS/AUP info at Registrars already deals with most of this because #4 in your list would apply... That or use of the domain for clearly illicit ends. Also, perhaps just not having Registrars that solely deal in criminal activities would make this harder to accomplish...
>
> Botnets clearly are bad... I'm not sure they are related to ICANN in any real way though, so that seems like a red herring in the discussion.
>
> Domain tasting has solutions on the table (thanks drc for linkages) but was a side effect of some customer-satisfaction/buyers-remorse loopholes placed in the regs... the fact that someone figured out that computers could be used to take advantage of that loophole on a massive scale isn't super surprising. In the end though, it's getting fixed, perhaps slower than we'd all prefer, but still.
>
> > I have to conclude that ICANN has failed, simply failed, and should be returned to the US government. Perhaps the DHL would at least solicit for RFCs from the security community.
>
> I'm not sure a shipping company really is the best place to solicit... or did you mean DHS? and why on god's green earth would you want them involved with this?
>
> -chris
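
The graduated set-membership profile described in the quoted message, sketched as an added example that is not part of the original thread or any poster's code. The thresholds, the disposition tiers, and all domain names and addresses are assumptions constructed for illustration; a single signal such as short TTL (which a CDN also shows) only earns a log entry, while correlation across sets escalates.

```python
from dataclasses import dataclass
from datetime import date

RECENT_DAYS = 30   # assumed cutoff for "recently registered"
SHORT_TTL = 300    # assumed cutoff (seconds) for "short TTL"
# Graduated response by number of sets a domain falls into (assumed tiers).
TIERS = {0: "accept", 1: "log", 2: "hold"}   # 3 or more -> "reject"

@dataclass(frozen=True)
class Observation:
    name: str
    registered: date
    ttl: int
    ips: frozenset
    whois_contact_ok: bool

def memberships(obs, today, sensor_ips):
    """Return the names of the sets from the message that this domain is in."""
    hits = set()
    if (today - obs.registered).days <= RECENT_DAYS:
        hits.add("recent_registration")
    if obs.ttl <= SHORT_TTL:
        hits.add("short_ttl")
    if obs.ips & sensor_ips:
        hits.add("sensor_listed")
    if not obs.whois_contact_ok:
        hits.add("bad_whois_contact")
    return hits

def triage(observations, today, sensor_ips):
    """Map each domain to (disposition, sorted set memberships)."""
    result = {}
    for obs in observations:
        hits = memberships(obs, today, sensor_ips)
        result[obs.name] = (TIERS.get(len(hits), "reject"), sorted(hits))
    return result

# Constructed sample data (documentation-reserved names and addresses).
TODAY = date(2008, 6, 27)
SENSOR_IPS = frozenset({"203.0.113.5", "203.0.113.9"})
SAMPLE = [
    Observation("static.example.org", date(2001, 3, 1), 86400, frozenset({"192.0.2.1"}), True),
    Observation("cdn.example.com", date(1999, 1, 1), 20, frozenset({"198.51.100.10"}), True),
    Observation("new.example.net", date(2008, 6, 20), 3600, frozenset({"198.51.100.20"}), False),
    Observation("flux.example.org", date(2008, 6, 25), 60, frozenset({"203.0.113.5"}), False),
]

if __name__ == "__main__":
    for name, (action, hits) in triage(SAMPLE, TODAY, SENSOR_IPS).items():
        print(f"{name:20} {action:7} {', '.join(hits) or '-'}")
```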