ICANN Email List Archives

[gnso-ff-pdp-may08]



Re: [gnso-ff-pdp-may08] Abuse in general

  • To: RLVaughn <RL_Vaughn@xxxxxxxxxx>
  • Subject: Re: [gnso-ff-pdp-may08] Abuse in general
  • From: Dave Piscitello <dave.piscitello@xxxxxxxxx>
  • Date: Fri, 8 Aug 2008 07:33:45 -0700

I'm OK with the bunny rabbit thing.

All I ask is that when you use fast flux, you use it in the context of the 
definition we've adopted.

Uttering or typing "fast flux" in this group should evoke the kind of 
instinctive response Randy exhibited: vampire, malicious, bad, ... "The thing 
our group is trying to stop".

Utter bunny rabbit, phlorx, or whatever you choose when you want to talk about 
a network that uses short TTLs but lacks the other characteristics we 
associate with fast flux.

Bunny rabbit network might actually work, since few people associate bunnies 
with bad acts.


On 8/8/08 10:27 AM, "RLVaughn" <RL_Vaughn@xxxxxxxxxx> wrote:



That is correct George.   We have Bunny Rabbit networks and
Vampire Bunny Rabbit networks.  Although not all Bunny Rabbit
Networks use DNS and all Vampire Bunny Rabbit Networks, that we
know of, do.

BTW, I have to miss today's phone call.

George Kirikos wrote:
> In other words, all "Fast Flux" networks would be "Bunny Rabbit
> Networks". But, not all "Bunny Rabbit Networks" are "fast flux"
> networks, using your definition of "fast flux."
>
> Sincerely,
>
> George Kirikos
> www.LEAP.com
>
> On Fri, Aug 8, 2008 at 10:15 AM, George Kirikos <fastflux@xxxxxxxx> wrote:
>> Hello,
>>
>> On Fri, Aug 8, 2008 at 9:36 AM, Dave Piscitello
>> <dave.piscitello@xxxxxxxxx> wrote:
>>> The criminals may have adopted short TTLs but that's not the only marker.
>>> Anyone who looks at a DNS configuration, sees a short TTL, and concludes
>>> "this is a fast flux attack" is going to be wrong. And we have already
>>> agreed to this point.
>> I'm fully aware of the differences, involving round robin DNS, and
>> other factors. It's a question of semantics. i.e. if you *define*
>> "Fast Flux" as involving compromised hosts, as per the Wiki:
>>
>> https://st.icann.org/pdp-wg-ff/index.cgi?initial_draft_definitions
>>
>> and "malicious content costs"  then you're talking about one thing.
>> The underlying technology, though, is content neutral. Suppose I call
>> the underlying technology as "Bunny Rabbit Networks" (which do a lot
>> of "hopping"), for lack of a better term, i.e. all the identical
>> technological aspects, but excluding anything that's illegal or
>> involving compromised. e.g. used for torrents, free speech or other
>> legitimate applications that might not even exist yet.
>>
>> We want to make sure that "Bunny Rabbit Networks" can continue (which
>> some folks might call "Fast Flux *TECHNOLOGY*"), but bar the malicious
>> aspects (which you define implicitly as "fast flux" to include the
>> criminal and malicious aspects).
>>
>> It's like some people perhaps defining a "Death Ray" as a laser that
>> is used by malicious countries to shoot down innocent citizens. If
>> "Death Ray Technology" can be used for something else (e.g. improving
>> crop yields through focused energy), we don't want to ban the lasers
>> themselves.
>>
>> Sincerely,
>>
>> George Kirikos
>> www.LEAP.com
>>




