ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-ff-pdp-may08] Draft - How are registrants affected by fast flux hosting?

  • To: Fast Flux Workgroup <gnso-ff-pdp-May08@xxxxxxxxx>
  • Subject: Re: [gnso-ff-pdp-may08] Draft - How are registrants affected by fast flux hosting?
  • From: "Mike O'Connor" <mike@xxxxxxxxxx>
  • Date: Mon, 14 Jul 2008 13:20:51 -0500


thanks Dave!

At 12:40 PM 7/14/2008, Dave Piscitello wrote:

By registrants, we are talking about all these cases, correct?

- individuals who register a domain name for mail purposes only
  (e.g., <given_name>@<family_name>.name
- individuals who register a domain name for personal web
- individuals who register a domain name for small business web
- organizations that register domain names for
  * mail purposes only
  * other non-web purposes
  * web presence, commerce, publishing, marketing etc.
  * speculation (secondary market)
  * monetization (and tasting)
  * Intellectual Property and brand protection
- outsourcing companies (e.g., web hosting providers, MS Exchange/email
providers)

Let's begin with harm.

1) All these parties are vulnerable to attacks designed to compromise the
registrant's domain account so that the domain names can be used to abet
fast flux (e.g., the attacker hacks example.com's registration account, adds
or modifies NS, MX and A records of these "reputable" domains).

Such attacks have several consequences to the domain name registrant,
depending on how the name is abused. Examples: if the domain is used to
resolve names to systems that host illegal web activities, the registrant
may experience loss of service at his legitimate sites, damage to
reputation, loss of business presence and revenue. If the name is used to
relay spam, the domain may be blocklisted thereby disrupting the
registrant's email service.


2) Many of the above parties are vulnerable to attack by parties who might
seek to gain administrative control of the registrant's legitimate web
presence so that it can serve as a host for illegal activities, since the
registrant's reputation enhances the deception. (This does not require
compreomise of the registrant's domain registration account.

3) A registrant whose web presence that is compromised and subsequently used
for serious criminal activities may be encumbered by an extensive
investigation by LEAs; for example, if child pornography was uploaded to the
site. The registrant or hosting company bears the costs associated with
cooperating/complying with the investigation, e.g., it may have to
(temporarily) replace assets seized to restore service. Part of the "clean
up" may require extensive customer-facing tasks - assisting in the
restoration of accounts, recovery of (financial) assets, It may have to deal
with regulators if the attack caused the registrant to fall out of
compliance with a regulation or law.

On 7/14/08 8:30 AM, "Mike O'Connor" <mike@xxxxxxxxxx> wrote:

>
>
> This is an email to kick off a draft answer to the question "How are
> registrants affected by fast flux hosting?"
>
> I'm just seeding the discussion, not writing a draft for people to
> shoot at.  Mostly because I can't come up with any
> "registrant-specific" impacts from fast-flux.
>
> Please help!
>
> m
>
>



No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.4.10/1551 - Release Date: 7/14/2008 6:49 AM




<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy