[gnso-ff-pdp-may08] Comments on the report (2)

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

Section 5.1, (Note)

Lines 286-287 currently read:

note that ³fast flux,² as defined above, is a technique which is beneficial
or harmful only to the extent that it is used to conduct beneficial or
harmful activities.


The definition above this section begins by stating that a fast flux network
is operated on one or more compromised host. I find it difficult to think of
no parties who benefits from fast flux other than attackers if we continue
to include this characteristic in the definition.

However, I believe that the presence of software that was installed on hosts
without notice or consent to the system operator/owner is a critically
important characteristic, one among several that distinguishes volatile
attack networks from volatile production networks. (my preceding comment
enumerates others)