Educause Security Discussion mailing list archives

Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's


From: Alan Whinery <whinery () HAWAII EDU>
Date: Mon, 20 Nov 2006 11:49:02 -1000

I have to say that Graham is right, except in his expectation that
talking sense will avert a discussion.

With regard to legitimacy, I do not care. If somebody registers
www.we11sfargo.com (those are numeral '1's) in order to steal my banking
info, I don't care that the registration is "legitimate", which is so
far meaningless in this context anyways, or whether my blocking it
violates a law.

I have been threatened with "litigation" or "the authorities" dozens of
times over the last 15 years by various parties; all were empty threats.
Our department has responded to subpoenas, so far in cases that we would
have cooperated regardless of the subpoena.

If someone makes the blocking of name resolutions illegal, I will still
not care, until an appropriate court produces an appropriate piece of
paper.  And then my guess is that there's a good chance, especially if
it regards international law, that the university advocate will blow his
nose on it and throw it in the trash. (Our UH lawyer is a fine human
being, and always treats all inquiries with careful attention and respect.)

We have now gone several days without a single x.hawaii.eu inquiry to
our DNS servers, which kind of suggests that there isn't much of a
crisis. Of course, the problem tends to be those problems that you can't
predict, so I'm still in favor of blocking hawaii.eu with a false
zone/SOA. Yes, it will not have an effect on anyone who's outside our
DNS influence. The

I will be deliriously happy to allow our users to reach hawaii.eu,
should it ever provide some sort of content which they desire, then I
will care about providing access to that content. But for the current
affiliate/domain speculator placeholder page, they're just not going to
care either. I also don't have any qualms about blocking every other
.edu-like.eu affiliate/speculator placeholder page that I can find. I
would continue to allow http://www.juniata.eu/, because it looks like
someone's actually developing a web presence there, and anyone who names
a cat "Donut" is all right with me. Still, it could all be a front.

Sorry Graham. I'm probably just prolonging the agony.
Alan


Mclaughlin, Kevin L writes:
My point is, and will continue to be, that the EU domain is a
legitimate European domain that is run and managed in Europe.
 EU is an actual extension just like .com, .org, .edu, etc.
with over 2 million users, and since we don't have
international domain law (to my knowledge), how is it our
right to say whether other countries can use an extension or
not? If I am living and working in Europe and want to use
hawaii.eu, why would hawaii.com or hawaii.org, or hawaii.edu
have the right to deny me the right to do so? If hawaii.edu
can deny my right to use hawaii.eu doesn't that mean I can
also deny their right to use hawaii.edu or is it simply
because they are North American based that gives them the
right to say what names I can use for my .EU domains?


Graham Toal writes

Let me try to stop this discussion spiralling out of control
by going over the basics of this cooperative anarchy we call
the internet.

1) NOTHING you (at xxx.edu) can do with your local DNS denies
anyone at xxx.eu any rights.  What you can do at best is deny
your own users access to that domain.  Assuming you have suitable
permission within your own organisation, you have every right to
do that.  (I.e. you have captive users, you're not an ISP or
a common carrier)  It does not matter whether the mechanism by
which you do so is by redirecting their DNS names to a dead address,
or by blocking their IPs with your firewalls - you're basically
doing it *to yourself*.

2) If the person at xxx.eu has a legitimate site, you are merely
being rude by blocking them but you are not doing anything illegal
(IANALB); if their site is camping on a typo for click throughs, it's they who
are being rude; however if they are redirecting things like ssh
connections to a dummy server (or worse, a man in the middle) to
gather passwords, you're not only within your rights to block them,
as an ISO it would probably be a career limiting move if you didn't
and later were hacked from a stolen password.

In summary, if it's your site that is fed by your DNS server and your
users are under your control, then you could redirect any DNS name
you like and you'd be within your rights to do what you like to your
own system.

It would only be a problem if you were providing public third-party
DNS lookups (such as if you were an ISP) or if you were one of the
root name servers (like when Verisign tried to capture *.com clicks
with a wildcard record a couple of years back).

So please, no more arguments as to whether you are denying anyone in
the eu their 'rights' because unless they are using your DNS servers
you're not denying them squat.


Graham (EU citizen)
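
Added example, not part of the original messages: a check for the measurement Alan describes (whether any client is asking the local resolvers for names under hawaii.eu), run over a query log. The BIND 9-style log layout, the sample lines and the client addresses are constructed assumptions.

```python
"""Count queries for look-alike zones in BIND-style query logs."""
import re
from collections import Counter

# Zones to watch: the page's hawaii.eu look-alike of hawaii.edu.
WATCHED_ZONES = ("hawaii.eu",)

# Assumed BIND 9 query-log layout: "client <ip>#<port>: query: <name> IN <type>"
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<client>[^#\s]+)#\d+.*?: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+)"
)

def watched_zone(qname, zones=WATCHED_ZONES):
    """Return the watched zone containing qname, matching on label boundaries."""
    name = qname.rstrip(".").lower()  # DNS names are case-insensitive
    for zone in zones:
        # Suffix match on a whole label, so "nothawaii.eu" does not count.
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def lookalike_hits(lines, zones=WATCHED_ZONES):
    """Tally (zone, client) pairs for every query that falls in a watched zone."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        zone = watched_zone(m.group("qname"), zones)
        if zone:
            hits[(zone, m.group("client"))] += 1
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
20-Nov-2006 09:01:12.101 client 192.0.2.10#53211: query: www.hawaii.edu IN A +
20-Nov-2006 09:01:13.457 client 192.0.2.11#40112: query: WWW.Hawaii.EU. IN A +
20-Nov-2006 09:02:40.003 client 192.0.2.11#40113: query: mail.hawaii.eu IN MX +
20-Nov-2006 09:03:05.770 client 192.0.2.12#51999: query: nothawaii.eu IN A +
20-Nov-2006 09:03:09.219 client 192.0.2.13#33001: query: hawaii.eu.example.com IN A +
20-Nov-2006 09:04:00.000 general: info: zone hawaii.edu/IN: loaded serial 2006112001
""".splitlines()

if __name__ == "__main__":
    for (zone, client), n in sorted(lookalike_hits(SAMPLE_LOG).items()):
        print(f"{zone}\t{client}\t{n}")
```

An empty result over several days of logs corresponds to the "not a single inquiry" observation in the message; a non-empty one names the clients worth a follow-up.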
