ICANN Email List Archives

[gnso-ff-pdp-may08]



Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship

  • To: ebw@xxxxxxxxxxxxxxxxxxxx
  • Subject: Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship
  • From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 16 Jul 2008 10:02:08 -0700

Eric mentioned:

#How about wikileaks? Bank Julius Baer obtained a takedown. Ignoring the
#eventual outcome of the case in the US courts (takedown reversed),
#suppose the authors of wikileaks decided to make the site resistant to
#takedown? [In fact what they did was simply stop using the DNS, so the
#ip address still worked, and the content was still available. Think of
#that as "wicked fast flux" (so fast it leaves no trace in the DNS).]

For what it may be worth, in addition to use of raw IPs, Wikileaks also 
used alternative domain names (e.g., in .cx, etc.)

But dropping back to raw IPs (or using alternative domain names) is *not*
fastflux. 

Spammers who advertise raw IPs simply find any raw IPs they spamvertise
listed on things like the SURBL and URIBL (remember, those block lists
list *URIs,* which obviously can include dotted quads as well as domain
names). If you're a spammer and you've just spammed out a few million
copies of "Psst, hey, go to 1.2.3.4 to find ways to fix your inadequate
<whatever>," I imagine it would be a real bummer to have 1.2.3.4 get
torn down, making all that spam effectively pointless. For that reason,
spammers dislike getting locked into hard-coded IPs, and prefer domain
names.

Remember, fastflux is used for stuff that's so inherently illegal or 
reprehensible that no legitimate hosting company will knowingly host it, 
and no network service provider will intentionally provide connectivity 
for it, and thus a combination of domain name longevity and IP address 
agility is required for survivability (as well as potentially for things
like load balancing). 

Wikileaks is demonstrably able to obtain conventional hosting. I would
also note that those who want to share controversial documents in a 
censorship-resistant manner have other alternatives, such as peer-to-peer
applications, or heck, distribution of physical CDs (you'll note that
Cryptome sells CDs of its content, for example). 

Regards,

Joe

Disclaimer: all opinions strictly my own
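
Added example, not part of Joe's message and not code from any list operator: a sketch of the distinction drawn above between a raw-IP URI (keyed directly by a URI blocklist) and a long-lived domain whose A records keep moving. The observation records, the names, the /16 grouping and the thresholds are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed passive-DNS observations: (seconds, name, A record).
# Private and documentation addresses stand in for real hosts.
PDNS = [
    (0, "pills.example", "10.1.4.9"), (300, "pills.example", "10.22.8.1"),
    (600, "pills.example", "10.93.0.77"), (900, "pills.example", "10.140.3.5"),
    (86400, "pills.example", "10.201.9.30"),
    (0, "docs.example", "192.0.2.10"), (86400, "docs.example", "192.0.2.10"),
]

def host_key(uri):
    """Return (kind, key) for the host part of a URI, roughly as a URI list keys it."""
    host = (urlsplit(uri).hostname or "").lower()
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        # Reduction to the registered domain is left out of this sketch.
        return "domain", host
    # DNS-based lists are conventionally queried with the octets reversed.
    return "ip", ".".join(reversed(str(ip).split(".")))

def agility(name, observations):
    """Summarise how long a name was seen and how widely its A records moved."""
    rows = [(t, ip) for t, n, ip in observations if n == name]
    if not rows:
        return {"lifetime": 0, "ips": 0, "nets": 0}
    times = [t for t, _ in rows]
    ips = {ip for _, ip in rows}
    # Grouping by /16 is an assumed stand-in for "different networks".
    nets = {ipaddress.ip_network(ip + "/16", strict=False) for ip in ips}
    return {"lifetime": max(times) - min(times), "ips": len(ips), "nets": len(nets)}

def classify(uri, observations, min_ips=5, min_nets=3):
    """Label a URI as raw-ip, flux-like or stable-domain (thresholds are assumed)."""
    kind, key = host_key(uri)
    if kind == "ip":
        return "raw-ip"  # no DNS involved, so not fast flux by definition
    a = agility(key, observations)
    if a["ips"] >= min_ips and a["nets"] >= min_nets:
        return "flux-like"
    return "stable-domain"
```
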


