Re: [gnso-ff-pdp-may08] Saturday Harms
- To: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>, "ebw@xxxxxxxxxxxxxxxxxxxx" <ebw@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [gnso-ff-pdp-may08] Saturday Harms
- From: Dave Piscitello <dave.piscitello@xxxxxxxxx>
- Date: Mon, 21 Jul 2008 06:33:32 -0700
Eric,
I think you have taken a very limited view of harm. The fast flux techniques
themselves do not, in the strictest sense, cause the ills that I mentioned and
Joe repeats and amplifies below. This seems to be similar to the "guns don't
kill people" conclusion. At a metalevel this may be true, but we can also
debate that criminals could not kill people at such great distances, with such
efficiency, if guns were not better controlled.
(Let's not do so on or off this list, I use it as an analogue only.)
Clearly since mine was the original opinion of "who is harmed?", I needn't
restate what I've already written. If I were to write a slightly less blunt
expression of my perspective than Joe's, I would say all the following are
contributing factors to the harm inflicted upon registrants:
1. fast flux techniques
2. malicious software developers
3. spam list compilers
4. software manufacturers who do not sufficiently invest in secure code
development
5. users who do not exercise care and discretion when using Internet
applications and who do not maintain appropriate defenses against malicious code
6. ISPs who do not provide adequate measures against spoofing
7. every party involved with the domain name registration process who
perpetuates a practice of accepting registrations without demanding accurate
and complete registration information
8. manufacturers and producers of placebo and harmful drugs, bogus products,
illicit material, etc. sold at web sites whose duration of operation is
effectively sustained when fast flux techniques are employed
9. credit card and identity thieves
10. money mules
11. bullet proof and "look no further" hosting companies who host (3)
12. criminals
The list goes on and on...
We can address some of the things on this list. SSAC and others have attempted
to address (6) thru BCP038 and SAC004/SAC010. Perhaps through an ICANN policy
and perhaps through a set of recommended practices we might address (1) and (7).
On 7/19/08 12:32 PM, "Joe St Sauver" <joe@xxxxxxxxxxxxxxxxxx> wrote:
At the risk of earning an angry retort, let me see if I can
summarize the 300 or so lines of your last note. If I got the
gist of what you were trying to say, I *think* it may have
been:
"Fastflux doesn't hurt anybody."
I disagree.
Without trying to tag any given constituency as the source or
sink of fastflux related ills, let me just mention a few of
the behaviors that I think *do* represent damage to some part
of the Internet community.
-- Fastflux happens on clandestinely compromised machines;
botting hosts for that (or any purpose) is bad. They may
become unstable, they may be expensive to clean up, personally
identifiable information may be lost along the way, connections
may end up getting turned off, etc., etc., etc. Getting
botted is unquestionably a bad thing.
-- Fastflux facilitates and enables some of the most egregious
substantive ills our society knows, including child
exploitation, drug abuse, financial crime, the distribution
of malware, etc.
-- Attempts to technically (rather than administratively)
cope with fastflux have/will result in increasingly Rube
Goldbergesque technical "solutions" which may destroy Internet
transparency or break the network in hard to diagnose ways
-- Fastflux domain names are registered with bogus point of
contact data, hindering accountability, resulting in
complaints, and frustrating the rule of law
-- Suggestions that criminal enforcement be left to criminal
authorities are frustrated by a lack of cooperation in
basic areas such as requiring customers to be accountable
(e.g., if point of contact information for domains is
routinely allowed to be entirely fictitious, law enforcement
won't have an easy time going after the bad guys using the
resources at their disposal)
-- Unchecked, the bad guys are accumulating a substantial
stockpile of network firepower. At some point, it is going to
dawn on some of them (if it hasn't already), that they
very well may actually be the ones who are in de facto control
of the Internet. Disagree with that assertion? How big a DDoS
can you sinkhole for how long? Ready to resist DNS-based
attacks? Route injection attacks? Floods of blow back traffic
from Joe Job'd spam runs?
Factors such as those make me disagree 100% that fastflux is benign,
and should be implicitly or explicitly tolerated in any way.
Regards,
Joe