I just know who should be held for further processing @ the gate. Which is good enough, in this case.

"What is the object of defense? Preservation. It is easier to hold ground than take it. . . defense is the stronger form of waging war" Carl Von Clausewitz

> -----Original Message-----
> From: Gadi Evron [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 27, 2008 8:33 PM
> To: Tomas L. Byrnes
> Cc: Christopher Morrow; Roger Marquis; nanog@nanog.org
> Subject: RE: ICANN opens up Pandora's Box of new TLDs
>
> On Fri, 27 Jun 2008, Tomas L. Byrnes wrote:
> > These issues are not separate and distinct, but rather related.
> >
> > A graduated level of analysis of membership in any of the sets of:
> >
> > 1: Recently registered domain.
> >
> > 2: Short TTL
> >
> > 3: Appearance in DShield, Shadowserver, Cyber-TA and other sensor lists.
> >
> > 4: Invalid/Non-responsive RP info in Whois
> >
> > Create a pretty good profile of someone you probably don't want to
> > accept traffic from.
> >
> > Conflation is bad, recognizing that each metric has value, and some
> > correlation of membership in more than one set has even more value, as
> > indicating a likely criminal node, is good.
> >
> > YMMV.
> >
> > I guess, if you have perfect malware signatures, code with no errors,
> > and vigilance the Marines on the wire @ gitmo would envy, you can
> > accept traffic from everywhere.
>
> Not quite, because you still won't know who to send the Marines to
> kill.
> The Internet is perfect for plausible deniability.
>
> Gadi.
>
> >
> >> -----Original Message-----
> >> From: Christopher Morrow [mailto:[EMAIL PROTECTED]
> >> Sent: Friday, June 27, 2008 7:23 PM
> >> To: Roger Marquis
> >> Cc: nanog@nanog.org
> >> Subject: Re: ICANN opens up Pandora's Box of new TLDs
> >>
> >> On Fri, Jun 27, 2008 at 4:32 PM, Roger Marquis <[EMAIL PROTECTED]>
> >> wrote:
> >>> Phil Regnauld wrote:
> >>> apply even cursory tests for domain name validity. Phishers and
> >>> spammers will have a field day with the inevitable namespace
> >>> collisions. It is, however, unfortunately consistent with ICANN's
> >>> inability to address other security issues such as fast flush DNS,
> >>> domain tasting (botnets), and requiring valid domain contacts.
> >>>
> >>
> >> Please do not conflate:
> >>
> >> 1) Fast flux
> >> 2) Botnets
> >> 3) Domain tasting
> >> 4) valid contact info
> >>
> >> These are separate and distinct issues... I'd point out that FastFlux
> >> is actually sort of how Akamai does its job (inconsistent dns
> >> responses), Double-Flux (at least the traditional DF) isn't though
> >> certainly Akamai COULD do something similar to Double-Flux (and
> >> arguably does with some bits their services. The particular form
> >> 'Double-Flux' is certainly troublesome, but arguably TOS/AUP info at
> >> Registrars already deals with most of this because #4 in your list
> >> would apply... That or use of the domain for clearly illicit ends.
> >> Also, perhaps just not having Registrars that solely deal in
> >> criminal activities would make this harder to accomplish...
> >>
> >> Botnets clearly are bad... I'm not sure they are related to ICANN in
> >> any real way though, so that seems like a red herring in the
> >> discussion.
> >>
> >> Domain tasting has solutions on the table (thanks drc for
> >> linkages) but was a side effect of some
> >> customer-satisfaction/buyers-remorse
> >> loopholes placed in the regs... the fact that someone figured out
> >> that computers could be used to take advantage of that loophole on a
> >> massive scale isn't super surprising. In the end though, it's getting
> >> fixed, perhaps slower than we'd all prefer, but still.
> >>
> >>> I have to conclude that ICANN has failed, simply failed,
> >> and should be
> >>> returned to the US government. Perhaps the DHL would at
> >> least solicit
> >>> for RFCs from the security community.
> >>
> >> I'm not sure a shipping company really is the best place to solicit...
> >> or did you mean DHS? and why on God's green earth would you want them
> >> involved with this?
> >>
> >> -chris
> >>
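
An added illustration, not part of the thread and not any poster's code, of the graduated set-membership analysis listed in the quoted message: each of the four sets is a separate signal, and the disposition escalates only as membership in several sets correlates. The thresholds, level names, field names and sample observations are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed cut-offs: the thread names the four sets but gives no numbers.
RECENT_DAYS = 30      # "recently registered"
SHORT_TTL_S = 300     # "short TTL"

# Graduated dispositions, indexed by how many sets the domain belongs to.
LEVELS = ["accept", "watch", "hold", "reject", "reject"]


@dataclass
class Observation:
    domain: str
    age_days: int         # days since registration
    ttl_s: int            # TTL seen on the answer
    sensor_hits: int      # sensor lists (DShield, Shadowserver, ...) naming it
    whois_rp_valid: bool  # responsible-party contact answered / validated


def memberships(o: Observation) -> set[str]:
    """Return which of the four sets from the thread this domain falls in."""
    sets = set()
    if o.age_days <= RECENT_DAYS:
        sets.add("recent_registration")
    if o.ttl_s <= SHORT_TTL_S:
        sets.add("short_ttl")
    if o.sensor_hits > 0:
        sets.add("sensor_listed")
    if not o.whois_rp_valid:
        sets.add("bad_whois_rp")
    return sets


def disposition(o: Observation) -> tuple[str, set[str]]:
    """One set alone never holds traffic (a CDN also has short TTLs);
    correlation across sets is what escalates to hold or reject."""
    m = memberships(o)
    return LEVELS[len(m)], m


# Constructed sample observations (not real measurements).
SAMPLES = [
    Observation("static.example.org", 3000, 3600, 0, True),
    Observation("cdn.example.net", 3000, 20, 0, True),
    Observation("new-shop.example.com", 3, 60, 0, True),
    Observation("login-update.example", 2, 30, 2, False),
]

if __name__ == "__main__":
    for s in SAMPLES:
        level, why = disposition(s)
        print(f"{s.domain:24} {level:7} {sorted(why)}")
```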