Re: [gnso-ff-pdp-may08] Choke points
- To: George Kirikos <fastflux@xxxxxxxx>
- Subject: Re: [gnso-ff-pdp-may08] Choke points
- From: Marc Perkel <marc@xxxxxxxxxx>
- Date: Thu, 07 Aug 2008 10:02:22 -0700
George,
Responding to your question about examples and choke points.
A fraud operation starts with domain name tasting. It registers
fakebank.com and establishes a FF network of virus infected or hacked
web servers to serve web pages for fakebank.com. These web pages trick
victims into giving up their account numbers and passwords to their
accounts on realbank.com and their money is stolen.
In order to do this the fraud operation uses spam to drive people to the
fakebank.com site. The spam pretends to be realbank.com but has a link
in the message that takes the victim to fakebank.com.
These messages are easily detected by spam filtering operations. Real
banks don't send email through bot nets. If a bank is set up properly
(some are, others should be) then all real email from realbank.com comes
from servers whose FCrDNS points to *.realbank.com. Thus any email not
from that hostname is fraud and mail from it is good. There are also a
lot of other indicators that make this process nearly 100% accurate.
(100% on positives, so no false positives. Possibly a few slip through
if they are very clever).
There are two choke points. Good spam filtering can stop almost all of it,
and can report it to registrars. Generally in such a system the
registrar will get thousands of complaints from many reporting operations.
The real choke point is taking down the fakebank.com domain. Once that
is done then the spam doesn't matter, the Fast Flux doesn't matter, the
link becomes dead and the victims are protected. Taking down that domain
quickly is the key to making this work.
So - if the registrar of the domain in question is getting thousands of
complaints from many reporters about fakebank.com and fakebank.com is
fluxing and it's still in the tasting period it could be shut down
through automation within minutes of the fraud starting. If such a
system were in place then Fast Flux would stop working for fraud, then
the criminals would abandon its use and the problem would be solved.
And we win - and without damage to any freedoms or liberties.
People - this war is winnable if we do it right. I think that we can
take out 90%+ of fraud with 100% accuracy within 5 minutes. And that's a
conservative guess.
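The two choke points described in the message above, as an added example that is not part of Marc Perkel's post or of any GNSO working-group deliverable: a mail-filter side FCrDNS check (a message claiming to be from realbank.com is accepted only if the sending IP's PTR name is under realbank.com and that name resolves forward to the same IP), and a registrar-side rule that queues a domain for suspension when it is still inside the tasting window, is fluxing, and has been reported by several independent filters. All DNS records, IP addresses, domain names, message samples and the three thresholds (tasting window, flux IP count, reporter count) are constructed assumptions for the example; nothing touches the network.

```python
"""Added example: FCrDNS mail check feeding a registrar takedown rule.
All data below is constructed; thresholds are assumptions for illustration."""
from dataclasses import dataclass, field

# Constructed stand-in for the DNS: PTR (reverse) and A (forward) records.
PTR_RECORDS = {
    "203.0.113.10": "mx1.realbank.com",          # legitimate bank mail host
    "198.51.100.77": "host-77.example-isp.net",  # infected home PC (bot)
    "192.0.2.5": "mx1.realbank.com",             # forged PTR: forward lookup will not match
}
A_RECORDS = {
    "mx1.realbank.com": {"203.0.113.10"},
    "host-77.example-isp.net": {"198.51.100.77"},
}


def fcrdns_hostname(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Forward-confirmed reverse DNS: PTR(ip) -> name, and A(name) must contain ip.
    Returns the confirmed hostname, or None when either lookup fails or disagrees."""
    name = ptr.get(ip)
    if name is None:
        return None
    return name if ip in a.get(name, set()) else None


def is_under(hostname, domain):
    """True if hostname is domain itself or any subdomain of it (*.domain)."""
    return hostname == domain or hostname.endswith("." + domain)


def classify_mail(sender_ip, from_domain, protected=("realbank.com",)):
    """Classify a message claiming to come from from_domain.
    'ok' if FCrDNS lands under the claimed domain, 'phish' otherwise;
    'unchecked' when the claimed domain is not on the protected list."""
    if from_domain not in protected:
        return "unchecked"
    host = fcrdns_hostname(sender_ip)
    if host is not None and is_under(host, from_domain):
        return "ok"
    return "phish"


@dataclass
class DomainRecord:
    name: str
    age_days: int                                   # days since registration
    seen_ips: set = field(default_factory=set)      # distinct A-record IPs observed
    reporters: set = field(default_factory=set)     # distinct reporting operations


# Assumed thresholds (not from the post): tune to the registry's own policy.
TASTING_WINDOW_DAYS = 5   # add-grace period length
FLUX_IP_THRESHOLD = 20    # distinct IPs behind the A record in the observation window
REPORTER_THRESHOLD = 3    # independent reporting operations


def takedown_decision(rec):
    """Registrar-side rule: suspend only when all three indicators hold."""
    in_tasting = rec.age_days <= TASTING_WINDOW_DAYS
    fluxing = len(rec.seen_ips) >= FLUX_IP_THRESHOLD
    reported = len(rec.reporters) >= REPORTER_THRESHOLD
    return in_tasting and fluxing and reported


def run_pipeline(messages, domains):
    """messages: (reporter, sender_ip, claimed_from_domain, link_domain) tuples.
    Each phish verdict files one complaint from that reporter against the
    domain the message links to; returns the set of domains to suspend."""
    for reporter, ip, from_domain, link_domain in messages:
        if classify_mail(ip, from_domain) == "phish" and link_domain in domains:
            domains[link_domain].reporters.add(reporter)
    return {name for name, rec in domains.items() if takedown_decision(rec)}


# Constructed sample: three filters see the phish, one sees real bank mail.
SAMPLE_MESSAGES = [
    ("filter-A", "198.51.100.77", "realbank.com", "fakebank.com"),
    ("filter-B", "192.0.2.5", "realbank.com", "fakebank.com"),
    ("filter-C", "198.51.100.77", "realbank.com", "fakebank.com"),
    ("filter-A", "203.0.113.10", "realbank.com", "realbank.com"),
    ("filter-A", "198.51.100.77", "newsletter.example", "oldcorp.example"),
]


def make_sample_domains():
    """Constructed registrar view: a day-old fluxing domain and an old static one."""
    return {
        "fakebank.com": DomainRecord("fakebank.com", age_days=1,
                                     seen_ips={f"198.51.100.{i}" for i in range(1, 30)}),
        "oldcorp.example": DomainRecord("oldcorp.example", age_days=900,
                                        seen_ips={"203.0.113.40", "203.0.113.41"}),
    }


if __name__ == "__main__":
    print(run_pipeline(SAMPLE_MESSAGES, make_sample_domains()))
```

The forward confirmation step is what makes the check hold up: a bot operator can put any name in the PTR record for an address they control, but cannot make the bank's zone resolve that name back to their address, so the forged-PTR host (192.0.2.5 above) is still rejected. The registrar rule deliberately requires all three signals at once so that a legitimately new domain behind a large CDN, or an old domain that happens to draw complaints, is not suspended on one indicator alone.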