[gnso-ff-pdp-may08] Definition V4.2
- To: "fast Flux Workgroup" <gnso-ff-pdp-May08@xxxxxxxxx>
- Subject: [gnso-ff-pdp-may08] Definition V4.2
- From: "Mike O'Connor" <mike@xxxxxxxxxx>
- Date: Tue, 29 Jul 2008 13:22:29 -0500
Hi all,
I've lifted (and twisted) various parts of the "definition" thread
and pushed it up to the web site -- with bolded stuff to stimulate
further discussion.
Here's the link:
https://st.icann.org/pdp-wg-ff/index.cgi?initial_draft_definitions
And here's the text (with curly-brackets around the stimuli):
A Fast Flux network is, for purposes of this working group:
* operated on one or more compromised {"plurally-purposed?"} hosts
* operated for the purpose of hosting unauthorized, malicious or criminal content {delete? - "illegal vs political" issue}
* operated using software that was installed {on hosts} without notice or consent to the system operator/owner
* "volatile" in the sense that the network changes its topology for the specific purpose of sustaining the lifetime of the network and the attack(s) the network supports, using:
  o (rapid) modification of TTLs for name servers and malicious content hosts {threshold? 1700 changes a month is avg TTL of 1525}
  o monitoring to determine/conclude that a host has been identified and shut down {by its owner? how do we identify?}
  o time- or other metric-based topology change {how do we identify?}
* {Limit the problem to "within the scope of ICANN to address"
  o Operation of the DNS system
  o Registration services
  o System-operators can't be reached/contacted
  o Does NOT include: routing, end-point security, etc.}
Carry on.
m
voice: 651-647-6109
fax: 866-280-2356
web: www.haven2.com
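
The "volatile" item in the draft asks how a change threshold would be identified. The sketch below is an added example, not part of the original message or the working group's material: it measures how often a name's answer set changes across passive-DNS observations and compares the rate with the 1700-changes-a-month figure floated in the draft. The function names, the 30-day month and the sample data are assumptions made for illustration, and a high change rate says nothing about the other listed properties (compromise, lack of consent).

```python
from datetime import datetime, timedelta

SECONDS_PER_MONTH = 30 * 24 * 3600   # assumption: a 30-day month
FLOATED_THRESHOLD = 1700             # changes/month, an open question in the draft

def interval_for_rate(changes_per_month):
    """Average seconds between changes implied by a monthly change count."""
    return SECONDS_PER_MONTH / changes_per_month

def change_stats(observations):
    """observations: iterable of (datetime, frozenset_of_IPs) for one name.
    Counts how often the answer set differs from the previous observation."""
    obs = sorted(observations, key=lambda o: o[0])
    changes = sum(1 for prev, cur in zip(obs, obs[1:]) if prev[1] != cur[1])
    span = (obs[-1][0] - obs[0][0]).total_seconds() if len(obs) > 1 else 0.0
    distinct = set().union(*(ips for _, ips in obs)) if obs else set()
    return {
        "changes": changes,
        "distinct_ips": len(distinct),
        # Normalise to a 30-day month so windows of any length compare.
        "per_month": changes * SECONDS_PER_MONTH / span if span else 0.0,
        "mean_interval": span / changes if changes else None,
    }

def exceeds_floated_threshold(stats, threshold=FLOATED_THRESHOLD):
    """True when the normalised change rate meets the threshold."""
    return stats["per_month"] >= threshold

def constructed_rotating(step_seconds=600, days=30):
    """Constructed sample: the answer rotates on every observation."""
    t0 = datetime(2008, 7, 1)
    n = days * 86400 // step_seconds
    return [(t0 + timedelta(seconds=i * step_seconds),
             frozenset({f"192.0.2.{i % 250 + 1}"})) for i in range(n + 1)]

def constructed_stable(days=30):
    """Constructed sample: hourly observations, answer never changes."""
    t0 = datetime(2008, 7, 1)
    return [(t0 + timedelta(hours=h), frozenset({"198.51.100.10"}))
            for h in range(days * 24 + 1)]

if __name__ == "__main__":
    for label, obs in (("rotating", constructed_rotating()),
                       ("stable", constructed_stable())):
        stats = change_stats(obs)
        print(label, stats, exceeds_floated_threshold(stats))
```

`interval_for_rate(1700)` comes to about 1525 seconds, which matches the pairing of the two numbers in the draft.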