ICANN Email Archives: [gnso-ff-pdp-may08]

ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [gnso-ff-pdp-may08] Abuse in general

To: George Kirikos <fastflux@xxxxxxxx>, Marc Perkel <marc@xxxxxxxxxx>
Subject: Re: [gnso-ff-pdp-may08] Abuse in general
From: Dave Piscitello <dave.piscitello@xxxxxxxxx>
Date: Fri, 8 Aug 2008 06:36:37 -0700

Stop, please.

Please, George, review the emails where we have repeatedly discussed the 
difference between a fast flux attack and a network application that uses short 
TTLs.

Fast flux is not used for "high availability" or as you defined it in an 
earlier email, "a technique used to create a highly resilient network".  For 
weeks we have been trying to carefully characterize fast flux so that we can 
distinguish fast flux networks from, in your words, "high availability which is 
something everyone wants".

If you say, "Short TTLs can be used to create a highly resilient network" I'm 
on board.

The criminals may have adopted short TTLs but that's not the only marker. 
Anyone who looks at a DNS configuration, sees a short TTL, and concludes "this 
is a fast flux attack" is going to be wrong. And we have already agreed to this 
point.

We seem to be recycling several topics and issues.

On 8/7/08 11:31 PM, "George Kirikos" <fastflux@xxxxxxxx> wrote:

Hello,

On Thu, Aug 7, 2008 at 11:17 PM, Marc Perkel <marc@xxxxxxxxxx> wrote:
> This is the "Fast Flux" group but Fast Flux by itself isn't the problem.

Exactly. As I was pointing out elsewhere (not sure if it got reposted
to this list or not), fast flux can be used for "high availability"
which is something EVERYONE wants. Just because criminals adopted
"best practices" doesn't mean that everyone else should be blocked
from using that technique, especially in the future.

> It's fast flux used by people who everyone can agree are criminals. (Chinese
> disidents trying to get the word out about oppression in Tibet - NO. Mafia
> pretending to be a bank to trick you out of your password and steal your
> money - YES)

Right, that's when it starts to get difficult to "automate", as not
everyone is going to agree that XYZ are criminals. Some "criminals"
(or "undesirables") will still slip through the cracks, but at some
point we'll have to leave a solution that's still vulnerable to that,
but that shifts the burden of going after those smaller numbers to
someone else using different tools.

> So - what is our mission officially? Is it stopping phishing?

You're not alone in wondering here.....

Sincerely,

George Kirikos
www.LEAP.com

Follow-Ups:
- Re: [gnso-ff-pdp-may08] Abuse in general
  - From: George Kirikos
- Re: [gnso-ff-pdp-may08] Abuse in general
  - From: Marc Perkel

References:
- Re: [gnso-ff-pdp-may08] Abuse in general
  - From: George Kirikos

<<< Chronological Index >>> <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy