RE: [gnso-ff-pdp-may08] RE: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship? -- what's the conclusion?
- To: gaaron@xxxxxxxxxxxx
- Subject: RE: [gnso-ff-pdp-may08] RE: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship? -- what's the conclusion?
- From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 09:21:34 -0700
Greg asked...
#Are you saying that this site uses the fast-flux technique, but does not
#look malicious?
No. I'm saying that it simply doesn't meet a fully-informed definition
of what's "fastflux." Let me explain what I mean.
If we have a definition of "pony" that's "a mammalian farm animal with four
legs that's ridden by children," that (obviously poor) definition of "pony"
admits the inclusion of adult horses, donkeys, mules, large dogs, pigs and
who knows what all else wrongly to the set of potential "ponies."
So, too, with fastflux. A sloppy initial definition leads to lots of stuff
that may superficially look like fastflux, but which on closer inspection
anyone who's familiar with real fastflux nodes would immediately recognize
as being out of scope based on objectively observable criteria, and not
requiring us to attempt to peer into the hearts and minds of the (ab)user
to determine "intent."
#If so, then it seems to demonstrate that undiscriminating
#counter-measures that limit or disrupt use of the fast-flux technique
#could impact legitimate users and stifle free expression.
*Any* attempt to control an unwanted phenomenon, by definition, can also
impact wanted phenomena. For example, controls on the sale of spray paint
used for "tagging" may inconvenience a teenager who wants to purchase
spray paint for some use other than graffiti. Controls on the sale of
tablet form pseudoephedrine, imposed in many states to help stem the tide
of illegal methamphetamine production, may inconvenience an allergy
sufferer with a stuffed-up head.
Society normally attempts to balance the impact of control measures,
weighing things like:
-- relative impacts (relative numbers impacted, relative severity of
the illness vs the relative pain of the cure, etc.),
-- the breadth of proposed control measures (can the desired goal be
achieved with a narrower proposed measure?),
-- whether control measures completely ban or merely regulate a particular
activity,
-- whether substitutes exist which allow a desired end to be reached by
different means,
-- whether there were procedural opportunities for varying voices to be
heard during the policy development process, and
-- whether there are avenues for appeal or exception once the general
policy is operative,
-- etc., etc., etc.
Those balances -- and the underlying values they represent -- will
vary from place to place, and from time to time, and from person to person.
But the point is that most societies permit some degree of encroachment upon
what might otherwise be a purely anarchic environment. The ones that get the
balance wrong too far in the opposite direction become totalitarian. The rest
of us happily live somewhere in the middle.
#I am going by the definition in our Issues Report, which defines the fast
#flux technique as "the rapid and repeated changes to A and/or NS resource
#records in a DNS zone, which have the effect of rapidly changing the
#location (IP address) to which the domain name of an Internet host (A) or
#name server (NS) resolves."
That's what I call a "a pony is a mammalian farm animal with four legs
that's ridden by children," definition. It alludes to the phenomena of
interest, but it completely fails close scrutiny.
#This is distinguished from "fast-flux hosting," which the Issues Report
#defines as use of the fast-flux technique with malicious or illegal intent.
Based on Dave's early definition, alluding to fastflux attacks, fastflux
web hosting is arguably used for malicious activities other than just
web hosting and DNS hosting (although we still need to tease out precisely
what those other malicious uses may be).
I think one objective of the group should be to clean up our definition(s)
of fastflux and related phenomena.
One helpful step might be to categorize the definitions of fastflux which have
already been offered by the community. For example, Spamhaus defines it as
( http://www.spamhaus.org/faq/answers.lasso?section=ISP%20Spam%20Issues#164 ):
"Fast flux domain hosting involves the use of botnet zombie drones on
broadband IPs infected to act as reverse proxies for the spammer's
website or nameservers. The spamvertised domain, or its nameserver, is
pointed at a rapidly changing series of zombie IPs (hence the name) with
very short "TTL" values -- usually less than five minutes (300s). There
are typically four or five "A" records to distribute the load and
increase the odds of the website staying up. Their proxy service hides
the IP location of the spammer's dedicated servers. As the very action
of hijacking computers is illegal in most jurisdictions, such fast flux
hosting is only used for further criminal activities such as phishing
and child pornography. Because the criminals know they could be
identified if they used valid "whois" data, they always use bogus data,
so registrars can confidently HOLD (suspend) the domain based on ICANN
3.7.7.2."
And I'm sure there are others that folks might like to mention, other
than just the one from the charter?
Regards,
Joe
Disclaimer: all opinions strictly my own.
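
Added example (not part of the message above, the Issues Report, or the Spamhaus FAQ): it runs the DNS-visible parts of the two quoted definitions over constructed lookups to show how much more the Issues Report wording admits. The sample names, the `min_changes` and `turnover` thresholds, and the use of "four or more" for "typically four or five" are assumptions; the botnet reverse-proxy part of the Spamhaus text cannot be seen from DNS answers alone and is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    ttl: int              # TTL on the A RRset, in seconds
    addrs: frozenset      # A records returned by this lookup

def changes(samples):
    """Number of consecutive lookups whose A-record set differs."""
    return sum(a.addrs != b.addrs for a, b in zip(samples, samples[1:]))

def issues_report_match(samples, min_changes=2):
    """'Rapid and repeated changes to A records'; min_changes is an assumption."""
    return changes(samples) >= min_changes

def spamhaus_match(samples, max_ttl=300, min_a=4, turnover=2.0):
    """DNS-visible parts of the quoted Spamhaus text: TTL under 300s, four or
    more A records per answer, and a changing series of IPs. 'turnover'
    (distinct IPs seen / largest answer) is an assumed measure of the last."""
    if not samples:
        return False
    seen = frozenset().union(*(s.addrs for s in samples))
    largest = max(len(s.addrs) for s in samples)
    return (all(s.ttl < max_ttl for s in samples)
            and all(len(s.addrs) >= min_a for s in samples)
            and len(seen) / largest >= turnover)

def net(prefix, hosts):
    """Build a set of dotted-quad strings inside a documentation prefix."""
    return frozenset(f"{prefix}.{h}" for h in hosts)

# Constructed observations (documentation address ranges), four lookups each.
FLUX = [Sample(180, net("203.0.113", range(i, i + 5))) for i in (1, 11, 21, 31)]
DYNDNS = [Sample(60, net("192.0.2", [h])) for h in (10, 57, 10, 93)]
POOL = [Sample(30, net("198.51.100", hs))
        for hs in ([1, 2, 3, 4], [3, 4, 5, 6], [5, 6, 1, 2], [2, 3, 4, 5])]

def compare():
    """Map each constructed name to (issues_report_match, spamhaus_match)."""
    cases = {"flux": FLUX, "dyndns": DYNDNS, "pool": POOL}
    return {k: (issues_report_match(v), spamhaus_match(v)) for k, v in cases.items()}

if __name__ == "__main__":
    for name, verdict in compare().items():
        print(name, verdict)
```

All three constructed names satisfy the Issues Report wording; only the first also satisfies the narrower observable criteria.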