Re: [gnso-ff-pdp-may08] TTL Limiting Idea - Alive or Dead?
- To: Marc Perkel <marc@xxxxxxxxxx>, "gnso-ff-pdp-May08@xxxxxxxxx" <gnso-ff-pdp-May08@xxxxxxxxx>
- Subject: Re: [gnso-ff-pdp-may08] TTL Limiting Idea - Alive or Dead?
- From: Dave Piscitello <dave.piscitello@xxxxxxxxx>
- Date: Fri, 8 Aug 2008 06:56:07 -0700

By TTL limiting (and assuming you mean TTLs for name server records) do you
mean:

1. restricting the minimum TTL value that can be set for the name servers
associated with <name>.<tld>?
2. restricting the total number of times per {hour,day,week,month} a
registrant can change the TTL of a name server?
3. rate limiting (throttling) the TTL changes in some other manner, e.g., a
backoff algorithm?

I think the original idea came from the SSAC Fast Flux advisory. To be clear, I
included that option because it was among the possible solutions expressed at
the time (nearly 11 months ago), when we knew far less about flux attacks than
we do today. SSAC did not recommend that controlling TTL values alone was a
definitive remedy, nor one that should be considered effective when used as the
only remedy.

Given all that the antiphishing and anticrime communities have learned about
flux attacks since that report, I think that regulating TTL values will not
prove useful, since it is only one means of creating a resilient network.

You have pretty much stated repeatedly and accurately, in several threads, that
the choke point that offers the most bang for the buck is taking down the
domain. A big benefit from focusing on accelerating suspension is that it will
be effective for a very large set of techniques attackers might use to flux
their networks to keep them resilient and available.

On 8/8/08 9:18 AM, "Marc Perkel" <marc@xxxxxxxxxx> wrote:

> Originally there was an idea on the table about limiting TTLs as a
> solution to Fast Flux. Now I think there's some consensus that there is
> some good fast flux - so - does that mean that TTL limiting idea is dead
> or is there a difference between how phishers flux than the way that free
> speech fluxes?