ICANN ICANN Email List Archives

[fast-flux-initial-report]


<<< Chronological Index >>>    <<< Thread Index >>>

A comment I made on Circle ID

  • To: <fast-flux-initial-report@xxxxxxxxx>
  • Subject: A comment I made on Circle ID
  • From: "Richard Golodner" <rgolodner@xxxxxxxxxxxxxxxx>
  • Date: Fri, 30 Jan 2009 00:50:02 -0600

                After reading the GNSO report on Fast Flux one of the
problems I can see is that it breaks the ability of a network that uses IP
based ACL's to limit access to their online resources. With Fast Flux, the
bad guys can now have access to targets that may have been previously
blocked by these controls. Granted a company should have many layers of
protection such as firewalls, IDS and IPS, but I see a lot of smaller
customers, not ISP's, that rely on IP based ACL's as part of their line of
defense. With Fast Flux, these companies will now need to step up their game
and determine other ways to protect themselves. 
With budgets being tightened in all areas of IT, security staff will have to
be extra diligent in reading logs, scanning their nets for unusual activity
and monitoring or prohibiting where users are allowed to go on the Internet
which should be done anyway, as the money to increase network protection via
hardware may not be there. Explaining this to upper level management may be
difficult until they are compromised by Fast Flux guided bots. 
I can't count the times I have been told that "it can't happen here" or "why
would someone try and attack us?" Often times I find the answer to that
question is because the bad guys could and did. 
Fast Flux does have its place in the industry and we all take advantage of
it. Content delivery networks, computer updates all use it. 
My question is what can be done at the domain registry level to make it more
difficult to for the bad guys to use Fast Flux as a means of continuing
their criminal enterprises?

            Sincerely, Richard Golodner



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy