Paul,
I read Gregg Keizer's piece in CW where FireEye's Fengmin Gong is quoted
as "We have registered a couple hundred domains," Gong said, "but we
made the decision that we cannot afford to spend so much money to keep
registering so many [domain] names."
Now interposing on the Srizbi system's attempt to communicate shouldn't
be signing up to do an unlimited number of $6 buys from VGRS plus the
overhead to ICANN and a registrar, after all, it is likely that Srizbi
isn't using real money to do its domain buys ... so I wrote to the dead
mailbox at Gong's company to ask for numbers, and if anyone in the
registrar/registry business units knew why Gong's company was doing a
couple hundred buys, and what T&C they were offered to keep Srizbi
disconnected ...
No response.
How many domains did FE register, through which registrar(s), and at any
point did FE represent to the registrar(s) or to the registry (or
registries) the purpose of the buys was to keep Srizbi disconnected? If
the registrar(s) or registry(ies) were informed of the purpose of the
buys, what response, if any, did they make to FE's representation?
I want to know what FE's burn rate was in prophylactic domain buys, and
who told FE to let Srizbi resynch its C&C nodes with its bots. I will
discuss what I learn with the ICANN GNSO Council. If Keizer's even
remotely correct on this point, then this is a "should never happen
again" scenario where the GNSO can mandate registry and registrar
responses.
So yeah, collaboration would be good, but FE ain't taking my mail, so if
this is ever going to go to registrar/registry policy land, it will have
to find its own way there. We just lost the unlimited 5 day "Add Grace
Period" due to domainers and (some) registrars using it for tasting, and
carving out a "prophylactic grace period" for things like this is
possible, so that it becomes a no-charge to the interposing buy engine.
my two beads worth,
Eric
Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, Dec 5, 2008 at 11:10 PM, Paul Kelly :: Blacknight
<[EMAIL PROTECTED]> wrote:
We saw a dramatic decrease. Attached is our dnsbl mirror in .ie, it
mirrors spamhaus amongst other things.
McColo was just an exercise in "managing" cyber crime operations in the
U.S.
Please do not be distracted by the whole "spam" issue, it's just a
byproduct of a much larger criminal operation.
What this community should really be discussing is how to deal with these
issues in a collaborative manner, because that is exactly what is needed to
combat it.
$.02,
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
wj8DBQFJOit+q1pz9mNUZTMRApsmAKDiMWX7DFUCNxcGku6kOPex5NlW9wCdEMAb
TPtpX7pW20Tl6TgPeudjgP0=
=n4cP
-----END PGP SIGNATURE-----