ICANN Email List Archives

[gnso-ff-pdp-may08]



Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship

  • To: ebw@xxxxxxxxxxxxxxxxxxxx
  • Subject: Re: [gnso-ff-pdp-may08] Re: [ntfy-gnso-ff-pdp-may08] FW: example: using fast-flux to escape censorship
  • From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 16 Jul 2008 12:50:09 -0700

Eric mentioned:

#If you look at the prior notes, Marc Perkel's, in particular, there 
#are two points I missed at first reading.
#
#The motivation "to escape censorship" may not be limited to the PRC or 
#Burma or ...

The list of censoring national entities is indeed quite long.

Stipulated.

#and
#
#The value of an instance of "to escape censorship" may be orders of 
#magnitude greater than the value of an instance of "fast flux".

Depends how you construct the score sheet. Let's assume a fastflux
hosting instance represents 1,000 bot'd hosts, and each of those
bot'd hosts represents a *minimum* expense of $100/compromised system
(for antivirus software to try to clean up a compromised system, 
and just a trivial level of professional assistance). Yes, those
values may be too high or too low, I welcome empirical research
results to refine them to more accurate values. $100,000...

Add to that the value of the million or so people who may receive
spam for that site, and who may spend time deleting it, or reporting 
it, or whatever. Of course, far more than a million people may get
that spam, but again, let's be conservative. Let's also assume that it 
only costs $0.10/person in time and effort to deal with that spam 
(reality is that that's high for some folks, but way low for others). 
But let's tack on another 1,000,000*0.10 nonetheless... there's 
another $100,000 in costs...

Now add to that the costs associated with commercial interests who 
are being wronged by stuff flogged via fastflux (such as lost revenue 
from pirated software, lost revenue associated with knock-off 
merchandise, financial losses due to phishing, etc.) For the sake of
argument, let's say a typical software vendor loses what, maybe two
hundred bucks per pirated sale of one of their products? And that the
warez d00dz sell what, maybe 500 copies per million spam? 50 copies per
million? 5000 copies per million? Dunno, but let's say 500 for the
sake of argument. Cah-ching, there goes another $100,000...

And that $300K was just due to a single hypothetical incident of fastflux
hosting... How many incidents are we hearing about each day, eh? Multiply
that all out (where are the forensic accountants when you need them, eh?)
and the cost can be staggeringly high. 

But arguing the other side of the coin, if a dissident becomes ensnared
in a totalitarian state's network police apparatus, the consequences may
(literally) be fatal. Hard to put a value on a human life (unless you're
an actuary or a (good) personal injury attorney). :-;

#I agree that we haven't found a good "to escape censorship" example yet, 
#which employs more than one nameserver, and more than one A record, and 
#uses "small TTLs" to manage which nameserver(s) and which A record(s) 
#are authoritative and resolvable, respectively, at any point in time.

Don't miss the other crucial components, like the implementation of the
fastflux service on *bot'd hosts*...

Regards,

Joe

Disclaimer: all opinions strictly my own


