<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and Next Steps
- To: gaaron@xxxxxxxxxxxx
- Subject: RE: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and Next Steps
- From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 3 Jun 2009 11:37:37 -0700
This feels like the movie "ground hogs day," going over and over the
same material time after time after time.
I thought the draft report was it for most of the big arguments, subject
only to the addition of a chapter discussing public comments, but I see
that's not the case, and now we find ourselves re-hashing all those fun
old arguments again. Whee!
Like one of my kid's favorite cartoons says, I guess this is a case
where whoever has the greatest endurance prevails in some meetings.
Ah well. On to the matter at hand:
Greg mentioned:
#2) Mike's edits at the end of the document change the meaning and purpose in
#a manner not agreed to by the WG. James's draft accurately reflects the
#WG's discussion of how it wanted a way for people to "submit potential fast
#flux domains for consideration by the working group" as part of its
#research. Mike has changed the draft to state that the WG wants ICANN to
#create a reporting system for "parties that might take action against
#illegitimate or illegal activity." Those are two very different things.
#
#Mike's change should be stricken. The FFWG has never endorsed the idea
#that ICANN create a WPDRS-like service for fast-flux,
Simply factually incorrect. Grab a copy of
gnso.icann.org/issues/fast-flux-hosting/fast-flux-initial-report-26jan09.pdf
and grep for WDPRS
On PDF page 53 as part of potential next steps you'll see:
"FFDRS (Fast Flux Data Reporting System)
"Collection of data about fast flux is an integral part of the work of
this group, and the foundation for future analysis of the fast flux
issue. Currently there is no publicly available formal mechanism for
members of the community to submit potential fast flux domains for
consideration by the working group. The Whois Data Problem Reporting
Service (WDPRS), see http://wdprs.internic.net/, is an excellent
example of a existing public domain name-related data submission
mechanism similar to what the Working Group might consider, albeit one
that is focused on Whois data problems rather than the fast flux
problem. Another example of a public cyber-security-related domain name
problem submission portal is Phishtank, http://www.phishtank.com/."
Greg also commented, with regard to ICANN collecting data on fast flux:
#I wonder if the thing would tell us anything new, and I wonder if any of us
#honestly has the time to verify and sift the data. There's no reason to
#spend time and money on something that is not needed or might not be used.
And by avoiding the collection of data, we'll insure that the fast flux
problem remains murky, poorly understood, and unremediated. Nothing
helps fix a problem quite like examining it under a bright light, and
that requires data.
If ICANN collects the data and makes it available to the network
research community, I guarantee folks will look at it and analyze it.
I know that some people don't want the bright light of public scrutiny
put on fast flux methods, but I'd prefer to get the data and let the
rest sort itself out.
Finally, Greg also commented:
#I think it
#should read: "Successful mitigation of any single technique is not likely to
#change the macro environment for Internet fraud and abuse -- every attack
#that is enhanced by the use of fast flux techniques could be pursued without
#them, but possibly at higher cost or effort for the attacker."
By that logic, all attempts at mitigation are pointless or out of scope
since the nature of cyber crime is persistent agility in the face of hostile
action by the authorities or other good guys.
There are some techniques, however, that cyber criminals REALLY like,
and prefer to use when they can. Fast flux is one of them. No cost to
do your hosting. Robust to any single compromised system going down.
No pesky financial records subject to backtracking in follow-the-money
attacks by the authorities. Scales well....
Can miscreants recover from potential loss of fast flux hosting methods?
Yes, but loss of fast flux hosting would still hurt at least some of
them a LOT.
It would be a real mistake to back away from action against fast flux.
Regards,
Joe
Disclaimer: all opinions strictly my own
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|