North American Network Operators Group

Re: VeriSign's rapid DNS updates in .com/.net

  • From: Richard Cox
  • Date: Thu Jul 22 21:22:18 2004

On Thu, 22 Jul 2004 17:24:07 -0700
"Robert L Mathews" <[email protected]> wrote:

| At 7/22/04 10:08 AM, Paul Vixie wrote:
|
|> the primary beneficiaries of this new functionality are spammers
|> and other malfeasants
|
| I think you're suggesting that such people will register domain
| names and use them right away (which may be true), and that the
| lack of a delay enables them to do things they couldn't otherwise
| do (which isn't).

The key here is not registration but change.  Currently, while spammers
and other malfeasants have the ability to send out through compromised
proxies and zombied PCs, there is little that can be done to identify
them until they require a response, and then the return path provides
some traceability via the IP addresses used, at least for nameservers.

One of the latest spammer exploits involves relying on compromised
PCs for hosting of websites and DNS: which, coupled with the ability
to update the root DNS in close-to-real-time, means that the entire
hosting operation including nameservers can be based on compromised
boxes, often with an encrypted/obfuscated link back to the real point
of control, and that is significantly harder to track.  This becomes
of rather greater significance if the hosting is for a phishing site.

The root DNS is controlled through the registrar, and what contact
information is held by the registrars frequently turns out to be at
best highly imaginative.

In removing the previous delays in updating root DNS, the registrars
have removed the last obstacle to making hosting totally untraceable:
and then the only record of a hosting activity will be whatever data
is held by the registrar.  The only impact of the changes that ICANN
made to improve whois accuracy has been that the malfeasants are now
registering more domains, so that they can rely on the mandated 15-day
grace period during which the registrar is required to keep their
domain up even though the provided contact details are totally bogus.

The demand for extra domains serves the registrars' business model well.
When a contact address is proved to be bogus, and at the end of 15 days
the domain complained of is in consequence shut down, it does not seem
to occur to most registrars that the other (say) six hundred - perhaps
thousands of domains - that were registered by the same person with the
identical contact details, must also have bogus contact details and so
should be automatically shut down.  No, an individual complaint seems
to be needed in each case, which means that the malfeasants are given
15 days from the first appearance of EACH domain during which the
entire domain is, as it were, bulletproof.

-- 
Richard Cox
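As an added illustration that is not part of Richard Cox's message or of the thread, the Python sketch below shows the kind of defender-side check his point suggests: once delegation (NS) data can change at the registry in close to real time, an abuse desk or resolver operator can watch how often a domain's nameserver set changes and flag domains whose delegation churns within a short window, which is one observable trace of hosting that keeps moving between compromised boxes. The observation records, domain names, window and threshold are all constructed for this example and are not taken from the thread.

```python
from datetime import datetime, timedelta

# Constructed sample: periodic snapshots of each zone's NS set, as a
# passive-DNS feed or a registry zone-file diff might record them.
# Each tuple is (domain, ISO-8601 observation time, set of NS hostnames).
OBSERVATIONS = [
    ("steady.example", "2004-07-20T00:00:00", {"ns1.hoster.example", "ns2.hoster.example"}),
    ("steady.example", "2004-07-21T00:00:00", {"ns1.hoster.example", "ns2.hoster.example"}),
    ("steady.example", "2004-07-22T00:00:00", {"ns1.hoster.example", "ns2.hoster.example"}),
    ("flux.example", "2004-07-22T00:05:00", {"ns.a.example"}),
    ("flux.example", "2004-07-22T03:10:00", {"ns.b.example"}),
    ("flux.example", "2004-07-22T07:40:00", {"ns.c.example"}),
    ("flux.example", "2004-07-22T12:00:00", {"ns.d.example"}),
    ("once.example", "2004-07-21T09:00:00", {"ns1.old.example"}),
    ("once.example", "2004-07-22T09:30:00", {"ns1.new.example"}),
]


def delegation_changes(observations):
    """Return {domain: [(time, old_ns_set, new_ns_set), ...]} listing every
    observation whose NS set differs from the previous one for that domain."""
    by_domain = {}
    for domain, ts, ns in observations:
        by_domain.setdefault(domain, []).append(
            (datetime.fromisoformat(ts), frozenset(ns)))
    changes = {}
    for domain, snaps in by_domain.items():
        snaps.sort()  # observations may arrive out of order
        events = []
        for (_, prev), (t, cur) in zip(snaps, snaps[1:]):
            if cur != prev:
                events.append((t, prev, cur))
        changes[domain] = events
    return changes


def max_changes_in_window(times, window):
    """Largest number of change events that fall inside any span of `window`
    (sliding two-pointer scan over the sorted timestamps)."""
    times = sorted(times)
    best = 0
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def flag_rapid_delegation_changes(observations, window=timedelta(hours=24), threshold=2):
    """Return {domain: change_count} for domains whose delegation changed at
    least `threshold` times within any `window`. A single planned move of
    nameservers stays below the threshold; repeated churn does not."""
    flagged = {}
    for domain, events in delegation_changes(observations).items():
        n = max_changes_in_window([t for t, _, _ in events], window)
        if n >= threshold:
            flagged[domain] = n
    return flagged


if __name__ == "__main__":
    for domain, events in delegation_changes(OBSERVATIONS).items():
        print(f"{domain}: {len(events)} delegation change(s)")
    print("flagged:", flag_rapid_delegation_changes(OBSERVATIONS))
```

The threshold separates a one-off, legitimate nameserver move (`once.example`) from a delegation that is rewritten several times a day (`flux.example`); in a real deployment the window and threshold would be tuned against the registry's actual update cadence, and the flagged list fed to the registrar's abuse contact rather than acted on automatically.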