Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship

[Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>]

Joe,

If you look at the prior notes, Marc Perkel's, in particular, there is 
are two points I missed at first reading.
The motivation "to escape censorship" may not be limited to the PRC or 
Burma or ...
and

The value of an instance of "to escape censorship" may be orders of 
magnitude greater than the value of an instance of "fast flux".
I agree that we haven't found a good "to escape censorship" example yet, 
which employs more than one nameserver, and more than one A record, and 
uses "small TTLs" to manage which nameserver(s) and which A record(s) 
are authoritative and resolvable, respectively, at any point in time.
Eric

Joe St Sauver wrote:
> Eric mentioned:
>
> #How about wikileaks? Bank Julius Baer obtained a takedown. Ignoring the
> #eventual outcome of the case in the US courts (takedown reversed),
> #suppose the authors of wikileaks decided to make the site resistant to
> #takedown? [In fact what they did was simply stop using the DNS, so the
> #ip address still worked, and the content was still available. Think of
> #that as "wicked fast flux" (so fast it leaves no trace in the DNS).]
>
> For what it may be worth, in addition to use of raw IPs, Wikileaks also 
> used alternative domain names (e.g., in .cx, etc.)
> But dropping back to raw IPs (or using alternative domain names) is *not*
> fastflux. 
>
> Spammers who advertise raw IPs simply find any raw IPs they spamvertise 
> listed on things like the SURBL and URIBL (remember, those block lists
> list *URIs,*  which obviously can including dotted quads as well as domain
> names). If you're a spammer and you've just spammed out a few million 
> copies of "Psst, hey, go to 1.2.3.4 to find ways to fix your inadequate 
> <whatever>," I imagine it would be a real bummer to have 1.2.3.4 get 
> torn down, making all those spam effectively pointless. For that reason,
> spammers dislike getting locked into hard coded IP's, and prefer domain
> names. 
>
> Remember, fastflux is used for stuff that's so inherently illegal or 
> reprehensible that no legitimate hosting company will knowingly host it, 
> and no network service provider will intentionally provide connectivity 
> for it, and thus a combination of domain name longevity and IP address 
> agility is required for survivability (as well as potentially for things
> like load balancing). 
>
> Wikileaks is demonstrably able to obtain conventional hosting. I would
> also note that those who want to share controversial documents in a 
> censorship-resistent manner have other alternatives, such as peer-to-peer 
> applications, or heck, distribution of physical CDs (you'll note that
> Cryptome sells CDs of its content, for example). 
>
> Regards,
>
> Joe
>
> Disclaimer: all opinions strictly my own
>
>
>