North American Network Operators Group


ICANN opens up Pandora's Box of new TLDs

  • From: Tomas L. Byrnes
  • Date: Sat Jun 28 01:27:21 2008

 
I just know who should be held for further processing @ the gate.

Which is good enough, in this case.

"What is the object of defense? Preservation. It is easier to hold
ground than take it. . .  defense is the stronger form of waging war"

Carl Von Clausewitz
 

> -----Original Message-----
> From: Gadi Evron [mailto:[email protected]]
> Sent: Friday, June 27, 2008 8:33 PM
> To: Tomas L. Byrnes
> Cc: Christopher Morrow; Roger Marquis; [email protected]
> Subject: RE: ICANN opens up Pandora's Box of new TLDs
> 
> On Fri, 27 Jun 2008, Tomas L. Byrnes wrote:
> > These issues are not separate and distinct, but rather related.
> >
> > A graduated level of analysis of membership in any of the sets of:
> >
> > 1: Recently registered domain.
> >
> > 2: Short TTL
> >
> > 3: Appearance in DShield, Shadowserver, Cyber-TA and other sensor
> > lists.
> >
> > 4: Invalid/Non-responsive RP info in Whois
> >
> > Create a pretty good profile of someone you probably don't want to 
> > accept traffic from.
> >
> > Conflation is bad, recognizing that each metric has value, and some
> > correlation of membership in more than one set has even more value, as
> > indicating a likely criminal node, is good.
> >
> > YMMV.
> >
> > I guess, if you have perfect malware signatures, code with no errors,
> > and vigilance the Marines on the wire @ gitmo would envy, you can
> > accept traffic from everywhere.
> 
> Not quite, because you still won't know who to send the Marines to 
> kill.
> The Internet is perfect for plausible deniability.
> 
>  	Gadi.
> 
> >
> >
> >
> >> -----Original Message-----
> >> From: Christopher Morrow [mailto:[email protected]]
> >> Sent: Friday, June 27, 2008 7:23 PM
> >> To: Roger Marquis
> >> Cc: [email protected]
> >> Subject: Re: ICANN opens up Pandora's Box of new TLDs
> >>
> >> On Fri, Jun 27, 2008 at 4:32 PM, Roger Marquis <[email protected]>
> >> wrote:
> >>> Phil Regnauld wrote:
> >>> apply even cursory tests for domain name validity. Phishers and 
> >>> spammers will have a field day with the inevitable namespace 
> >>> collisions. It is, however, unfortunately consistent with ICANN's 
> >>> inability to address other security issues such as fast flush DNS,
> >>> domain tasting (botnets), and requiring valid domain contacts.
> >>>
> >>
> >> Please do not conflate:
> >>
> >> 1) Fast flux
> >> 2) Botnets
> >> 3) Domain tasting
> >> 4) valid contact info
> >>
> >> These are separate and distinct issues... I'd point out that FastFlux
> >> is actually sort of how Akamai does its job (inconsistent dns
> >> responses), Double-Flux (at least the traditional DF) isn't though
> >> certainly Akamai COULD do something similar to Double-Flux (and
> >> arguably does with some bits of their services). The particular form
> >> 'Double-Flux' is certainly troublesome, but arguably TOS/AUP info at
> >> Registrars already deals with most of this because #4 in your list
> >> would apply... That or use of the domain for clearly illicit ends.
> >> Also, perhaps just not having Registrars that solely deal in
> >> criminal activities would make this harder to accomplish...
> >>
> >> Botnets clearly are bad... I'm not sure they are related to ICANN in
> >> any real way though, so that seems like a red herring in the
> >> discussion.
> >>
> >> Domain tasting has solutions on the table (thanks drc for
> >> linkages) but was a side effect of some
> >> customer-satisfaction/buyers-remorse
> >> loopholes placed in the regs... the fact that someone figured out
> >> that computers could be used to take advantage of that loophole on a
> >> massive scale isn't super surprising. In the end though, it's getting
> >> fixed, perhaps slower than we'd all prefer, but still.
> >>
> >>> I have to conclude that ICANN has failed, simply failed, and should be
> >>> returned to the US government.  Perhaps the DHL would at least solicit
> >>> for RFCs from the security community.
> >>
> >> I'm not sure a shipping company really is the best place to solicit...
> >> or did you mean DHS? and why on God's green earth would you want them
> >> involved with this?
> >>
> >> -chris
> >>
> >>
> >
> >
>
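
An added example, not code from any poster in this thread: a Python sketch of the graduated scoring over the four sets listed above, where membership in more than one set counts for more than the sum of the parts and a short TTL alone (the CDN case raised in the thread) does not trigger a hold. The weights, thresholds, field names and sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Weights and thresholds are illustrative assumptions, not values from the thread.
WEIGHTS = {"recent_registration": 2, "short_ttl": 1,
           "sensor_listed": 3, "bad_whois_contact": 2}
RECENT_DAYS = 30      # assumed cut-off for "recently registered"
SHORT_TTL_SECS = 300  # assumed cut-off for "short TTL"
HOLD_AT = 4           # score at which traffic is held for further processing

@dataclass
class DomainFacts:
    name: str
    registered: date
    ttl: int
    sensor_listed: bool     # appears on a sensor list (DShield, Shadowserver, ...)
    whois_contact_ok: bool  # responsible-party info is valid and responsive

def signals(d: DomainFacts, today: date) -> set[str]:
    """Return which of the four sets this domain is a member of."""
    hits = set()
    if (today - d.registered).days <= RECENT_DAYS:
        hits.add("recent_registration")
    if d.ttl <= SHORT_TTL_SECS:
        hits.add("short_ttl")
    if d.sensor_listed:
        hits.add("sensor_listed")
    if not d.whois_contact_ok:
        hits.add("bad_whois_contact")
    return hits

def score(hits: set[str]) -> int:
    """Sum the per-signal weights, plus a bonus for each extra correlated set."""
    base = sum(WEIGHTS[h] for h in hits)
    return base + max(0, len(hits) - 1)

def verdict(d: DomainFacts, today: date) -> str:
    return "hold" if score(signals(d, today)) >= HOLD_AT else "accept"

TODAY = date(2008, 6, 28)
# Constructed sample records on reserved example domains, not real observations.
SAMPLES = [
    DomainFacts("cdn.example.com", date(2001, 3, 1), 20, False, True),    # short TTL only
    DomainFacts("new-shop.example.net", date(2008, 6, 20), 3600, False, True),
    DomainFacts("flux.example.org", date(2008, 6, 25), 60, True, False),  # all four sets
]

if __name__ == "__main__":
    for s in SAMPLES:
        hits = signals(s, TODAY)
        print(f"{s.name:22} score={score(hits):2} {verdict(s, TODAY):6} {sorted(hits)}")
```
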