ICANN ICANN Email List Archives

[fast-flux-initial-report]


<<< Chronological Index >>>    <<< Thread Index >>>

Comment on Fastflux

  • To: <fast-flux-initial-report@xxxxxxxxx>
  • Subject: Comment on Fastflux
  • From: "Suresh Ramasubramanian" <suresh@xxxxxxxxxx>
  • Date: Sat, 14 Feb 2009 06:54:16 +0530

Fastflux in its few legitimate applications such as load balancing usually does 
not share the characteristics of abusive fastflux -

1. It does not use thousands of hijacked hosts - an entire botnet - spread 
across several continents

2. The reverse dns and such of IPs under full control of the provider concerned 
have reverse dns and such properly setup, or at least IP ownership data 
properly registered with each ISP they get IP space from - the IPs are not 
hijacked PCs on broadband connections

3. They aren't based on throwaway domains with fake whois contacts (yes, I will 
open that related and older can of worms here too) that are quite often bought 
with stolen cards.

4. The vast majority of fastflux is used for criminal purposes, and is hosted 
on illegally acquired (hijacked using viruses etc) hosts.

5. Registrars and coordinating them, registries, are the single point of 
failure for a dns based fastflux or double fast flux (where the NS itself 
fluxes, not just the A record of the host)

        srs




<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy