nanog mailing list archives

ICANN opens up Pandora's Box of new TLDs


From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Fri, 27 Jun 2008 22:27:12 -0700

 
I just know who should be held for further processing @ the gate.

Which is good enough, in this case.

"What is the object of defense? Preservation. It is easier to hold
ground than take it. . .  defense is the stronger form of waging war"

Carl Von Clausewitz
 

-----Original Message-----
From: Gadi Evron [mailto:ge () linuxbox org]
Sent: Friday, June 27, 2008 8:33 PM
To: Tomas L. Byrnes
Cc: Christopher Morrow; Roger Marquis; nanog () nanog org
Subject: RE: ICANN opens up Pandora's Box of new TLDs

On Fri, 27 Jun 2008, Tomas L. Byrnes wrote:
These issues are not separate and distinct, but rather related.

A graduated level of analysis of membership in any of the sets of:

1: Recently registered domain.

2: Short TTL

3: Appearance in DShield, Shadowserver, Cyber-TA and other
sensor lists.

4: Invalid/Non-responsive RP info in Whois

Creates a pretty good profile of someone you probably don't want to accept traffic from.

Conflation is bad; recognizing that each metric has value, and that some correlation of membership in more than one set has even more value, as indicating a likely criminal node, is good.

YMMV.

I guess, if you have perfect malware signatures, code with no errors, and vigilance the Marines on the wire @ gitmo would envy, you can accept traffic from everywhere.

Not quite, because you still won't know who to send the Marines to kill.
The Internet is perfect for plausible deniability.

      Gadi.




-----Original Message-----
From: Christopher Morrow [mailto:morrowc.lists () gmail com]
Sent: Friday, June 27, 2008 7:23 PM
To: Roger Marquis
Cc: nanog () nanog org
Subject: Re: ICANN opens up Pandora's Box of new TLDs

On Fri, Jun 27, 2008 at 4:32 PM, Roger Marquis <marquis () roble com> wrote:
Phil Regnauld wrote:
apply even cursory tests for domain name validity. Phishers and spammers will have a field day with the inevitable namespace collisions. It is, however, unfortunately consistent with ICANN's inability to address other security issues such as fast flush DNS, domain tasting (botnets), and requiring valid domain contacts.


Please do not conflate:

1) Fast flux
2) Botnets
3) Domain tasting
4) valid contact info

These are separate and distinct issues... I'd point out that FastFlux is actually sort of how Akamai does its job (inconsistent dns responses); Double-Flux (at least the traditional DF) isn't, though certainly Akamai COULD do something similar to Double-Flux (and arguably does with some bits of their services). The particular form 'Double-Flux' is certainly troublesome, but arguably TOS/AUP info at Registrars already deals with most of this because #4 in your list would apply... That or use of the domain for clearly illicit ends. Also, perhaps just not having Registrars that solely deal in criminal activities would make this harder to accomplish...

Botnets clearly are bad... I'm not sure they are related to ICANN in any real way though, so that seems like a red herring in the discussion.

Domain tasting has solutions on the table (thanks drc for linkages) but was a side effect of some customer-satisfaction/buyers-remorse loopholes placed in the regs... the fact that someone figured out that computers could be used to take advantage of that loophole on a massive scale isn't super surprising. In the end though, it's getting fixed, perhaps slower than we'd all prefer, but still.

I have to conclude that ICANN has failed, simply failed, and should be returned to the US government.  Perhaps the DHL would at least solicit for RFCs from the security community.

I'm not sure a shipping company really is the best place to solicit... or did you mean DHS? And why on god's green earth would you want them involved with this?

-chris
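As an added illustration of the graduated set-membership analysis Tomas Byrnes describes above (recent registration, short TTL, sensor-list appearance, invalid Whois contact), here is a small scorer that weights each set and gives extra weight to membership in more than one. This is example code written for this page, not anything from the thread; the weights, thresholds and sample records are assumed values chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Weight per set (assumed values). Sensor-list appearance counts double
# because it is direct observation rather than an inferred attribute.
WEIGHTS = {
    "recent_registration": 1,   # created within the last 30 days
    "short_ttl": 1,             # lowest observed TTL at or below 300 s
    "sensor_listed": 2,         # seen on DShield/Shadowserver/Cyber-TA style feeds
    "bad_whois_contact": 1,     # RP contact invalid or non-responsive
}

@dataclass(frozen=True)
class DomainRecord:
    name: str
    registered: date                      # creation date from Whois
    min_ttl: int                          # lowest TTL seen in DNS answers, seconds
    sensor_hits: frozenset = frozenset()  # feeds listing the domain or its hosts
    whois_contact_valid: bool = True

def signals(rec, today, young_days=30, short_ttl=300):
    """Membership in each of the four sets, as booleans."""
    return {
        "recent_registration": (today - rec.registered).days < young_days,
        "short_ttl": rec.min_ttl <= short_ttl,
        "sensor_listed": bool(rec.sensor_hits),
        "bad_whois_contact": not rec.whois_contact_valid,
    }

def score(rec, today):
    """Weighted sum, plus a bonus so that correlation across sets is worth more than the sum."""
    hits = [name for name, present in signals(rec, today).items() if present]
    base = sum(WEIGHTS[name] for name in hits)
    bonus = len(hits) - 1 if len(hits) >= 2 else 0
    return base + bonus, hits

def verdict(rec, today):
    """'hold' = hold for further processing at the gate; 'review' = look closer; 'accept'."""
    total, _ = score(rec, today)
    return "hold" if total >= 4 else "review" if total >= 2 else "accept"

# Constructed sample records (not real domains), dated to the thread.
TODAY = date(2008, 6, 27)
SAMPLE_FLUX = DomainRecord("example-flux.test", date(2008, 6, 24), 60, frozenset({"dshield"}), False)
SAMPLE_CDN = DomainRecord("example-cdn.test", date(2001, 3, 1), 20)      # short TTL alone, CDN-like
SAMPLE_YOUNG = DomainRecord("example-new.test", date(2008, 6, 20), 120)  # young and short TTL

if __name__ == "__main__":
    for rec in (SAMPLE_FLUX, SAMPLE_CDN, SAMPLE_YOUNG):
        print(rec.name, score(rec, TODAY), verdict(rec, TODAY))
```

Note that the CDN-like record scores only 1 on short TTL alone, which is the point Christopher Morrow makes about Akamai; it takes membership in a second set before the score moves toward review or hold.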