Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship
- To: Philip Lodico <phil.lodico@xxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship
- From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 10:00:11 -0400
Philip,

How about wikileaks? Bank Julius Baer obtained a takedown. Ignoring the
eventual outcome of the case in the US courts (takedown reversed),
suppose the authors of wikileaks decided to make the site resistant to
takedown? [In fact what they did was simply stop using the DNS, so the
IP address still worked, and the content was still available. Think of
that as "wicked fast flux" (so fast it leaves no trace in the DNS).]

The value of the alleged mismanagement appears to be in the low seven
figures, for just one instance of a state suppression of published offer
of proof of corruption. Compare the amount estimated to be harvested by
fast flux exploits.

My point is that the example(s) are not so exotic as "dissidents in
china", and the cash value of "dissent" may easily run to the millions,
in direct, uninterpreted value, per "event".

Eric

Philip Lodico wrote:

Playing devil's advocate a bit - With ICANN being a global
organization, and if ICANN is considering potential action on
fast-flux, wouldn’t the Chinese representatives not want a tool that
bypasses their government policies? They might argue that this is not
“legitimate” use.

On 7/15/08 5:51 PM, "Marc Perkel" <marc@xxxxxxxxxx> wrote:

OK - so if there is a legitimate use for fast flux then that
kills the solution to restrict name server TTLs to higher values
because if we do then we can't circumvent Chinese censorship.
Wouldn't we have to allow some people to fast flux and not others?

Glen de Saint Géry wrote:
Posted on behalf of Greg Aaron
Subject: example: using fast-flux to escape censorship
Dear group:
I'm posting this to the private list because it
is more suitable for group members' eyes only for
confidentiality purposes.
Wendy, Dave, and Eric have each touched on
whether there may be legitimate uses of
fast-flux hosting by entities that use it to
escape censorship. Let's examine a real-world
example to see if it fits. Below are query
results for a real domain. The TTL is 60, and
the IPs are being changed rapidly and are
globally distributed on multiple ASNs. It
therefore seems to meet the definition of fast-flux.
The registrant is an entity called Domain
UltraReach. Domain UltraReach says it offers a
proxy service designed to allow Web users to
circumvent Chinese government Internet censorship.
<http://www.ultrareach.com/company/aboutus.htm>
Domain UltraReach operates multiple such fluxy domain
names besides the below.
So, what do we have here?
**********************************
Greg Aaron
Director, Key Account Management and Domain Security
Afilias
vox: +1.215.706.5700 x104
fax: 1.215.706.5701
gaaron@xxxxxxxxxxxx
**********************************
--
Philip M. Lodico, Managing Partner
FairWinds Partners, LLC
2122 P Street, NW
Suite 300
Washington, DC 20037
Work: +1 202.223.9253
Mobile: +1 917.756.8907
Fax: +1 202.223.9256
phil.lodico@xxxxxxxxxxxxxxxxxxxxx
Please visit the Web site CADNA, The Coalition Against Domain Name
Abuse at: http://www.cadna.org
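
An added example, not part of the original thread: a small Python check that applies the criteria used in Greg Aaron's message (a low TTL, IPs changing rapidly between queries, answers spread across multiple ASNs) to passive-DNS observations. The sample data, the function names `flux_profile` and `looks_fast_flux`, and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (query time, name server, IP, origin AS).
# Addresses are RFC 5737 documentation ranges and ASNs are private-use values.
FLUXY = [
    ("2008-06-02 17:48", "ns1.example.test", "192.0.2.10", 64512),
    ("2008-06-02 17:48", "ns2.example.test", "198.51.100.7", 64513),
    ("2008-06-02 19:47", "ns1.example.test", "203.0.113.5", 64514),
    ("2008-06-02 19:47", "ns2.example.test", "192.0.2.99", 64515),
    ("2008-06-02 21:59", "ns1.example.test", "198.51.100.80", 64516),
    ("2008-06-02 21:59", "ns2.example.test", "203.0.113.201", 64517),
]
STABLE = [
    ("2008-06-02 17:48", "ns1.example.test", "192.0.2.53", 64512),
    ("2008-06-02 19:47", "ns1.example.test", "192.0.2.53", 64512),
    ("2008-06-02 21:59", "ns1.example.test", "192.0.2.53", 64512),
]

def flux_profile(observations, ttl):
    """Summarise how much the answer set moves between query snapshots."""
    snapshots = defaultdict(set)
    asns = set()
    for when, _ns, ip, asn in observations:
        snapshots[when].add(ip)
        asns.add(asn)
    ordered = [snapshots[t] for t in sorted(snapshots)]
    # Turnover: share of addresses in each snapshot not seen in the previous one.
    changes = [len(cur - prev) / len(cur) for prev, cur in zip(ordered, ordered[1:])]
    return {
        "ttl": ttl,
        "distinct_ips": len(set().union(*ordered)),
        "distinct_asns": len(asns),
        "turnover": sum(changes) / len(changes) if changes else 0.0,
    }

def looks_fast_flux(profile, max_ttl=300, min_asns=3, min_turnover=0.5):
    """Thresholds are illustrative assumptions, not a standard definition."""
    return (profile["ttl"] <= max_ttl
            and profile["distinct_asns"] >= min_asns
            and profile["turnover"] >= min_turnover)

if __name__ == "__main__":
    for name, obs, ttl in (("fluxy", FLUXY, 60), ("stable", STABLE, 86400)):
        p = flux_profile(obs, ttl)
        print(name, p, looks_fast_flux(p))
```

The check describes how the records behave, not who operates them or why, which is the difficulty the thread raises: a censorship-circumvention proxy and an abusive network can produce the same profile.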