Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship
- To: joe@xxxxxxxxxxxxxxxxxx
- Subject: Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship
- From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 14:41:52 -0400
Joe,
If you look at the prior notes, Marc Perkel's, in particular, there
are two points I missed at first reading.
The motivation "to escape censorship" may not be limited to the PRC or
Burma or ...
and
The value of an instance of "to escape censorship" may be orders of
magnitude greater than the value of an instance of "fast flux".
I agree that we haven't found a good "to escape censorship" example yet,
which employs more than one nameserver, and more than one A record, and
uses "small TTLs" to manage which nameserver(s) and which A record(s)
are authoritative and resolvable, respectively, at any point in time.
Eric
Joe St Sauver wrote:
Eric mentioned:
#How about wikileaks? Bank Julius Baer obtained a takedown. Ignoring the
#eventual outcome of the case in the US courts (takedown reversed),
#suppose the authors of wikileaks decided to make the site resistant to
#takedown? [In fact what they did was simply stop using the DNS, so the
#ip address still worked, and the content was still available. Think of
#that as "wicked fast flux" (so fast it leaves no trace in the DNS).]
For what it may be worth, in addition to use of raw IPs, Wikileaks also
used alternative domain names (e.g., in .cx, etc.)
But dropping back to raw IPs (or using alternative domain names) is *not*
fastflux.
Spammers who advertise raw IPs simply find any raw IPs they spamvertise
listed on things like the SURBL and URIBL (remember, those block lists
list *URIs,* which obviously can include dotted quads as well as domain
names). If you're a spammer and you've just spammed out a few million
copies of "Psst, hey, go to 1.2.3.4 to find ways to fix your inadequate
<whatever>," I imagine it would be a real bummer to have 1.2.3.4 get
torn down, making all those spam effectively pointless. For that reason,
spammers dislike getting locked into hard coded IPs, and prefer domain
names.
Remember, fastflux is used for stuff that's so inherently illegal or
reprehensible that no legitimate hosting company will knowingly host it,
and no network service provider will intentionally provide connectivity
for it, and thus a combination of domain name longevity and IP address
agility is required for survivability (as well as potentially for things
like load balancing).
Wikileaks is demonstrably able to obtain conventional hosting. I would
also note that those who want to share controversial documents in a
censorship-resistant manner have other alternatives, such as peer-to-peer
applications, or heck, distribution of physical CDs (you'll note that
Cryptome sells CDs of its content, for example).
Regards,
Joe
Disclaimer: all opinions strictly my own