ICANN Email Archives: [gnso-ff-pdp-may08]

ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [gnso-ff-pdp-may08] Abuse in general

To: "gnso-ff-pdp-May08@xxxxxxxxx" <gnso-ff-pdp-May08@xxxxxxxxx>
Subject: Re: [gnso-ff-pdp-may08] Abuse in general
From: "George Kirikos" <fastflux@xxxxxxxx>
Date: Fri, 8 Aug 2008 10:46:14 -0400

Oops, apologies if anyone receives the following emails twice, as I
mistakenly sent email to the list from the wrong "From" address (and
presumably they got rejected). Here they are, together:

Email #1:

Right. Going by the *chronology* of the definition:

https://st.icann.org/pdp-wg-ff/index.cgi?definition_chronology

"Note that neither paper defines "fast flux" as a necessarily criminal
usage of a technique, and neither assigns the term a social meaning or
value. The GNSO Issues Report has one term for the technique, and a
separate term for the criminal use of the technique.

However, many in the security arena use the term "fast flux" to mean
the DNS technique used _with_criminal purpose. This conflated
definition is in that community's general lexicon, and may have even
been the original meaning or first use of the term "fast flux."

It is generally accepted that the great majority of real-world
implementations of fast flux are indeed criminal. However, to use the
term "fast flux" as synonymous with criminal intent leaves us with no
terminology for non-criminal uses. One posible solution is the refer to
"non-criminal fast flux;" other suggestions welcome."

I'll define "criminal + non-criminal fast flux " as "Bunny Rabbit
Networks". Bunnies can be good or bad -- that label is agnostic. And,
as per the prior email, "Evil Bunny" would be equivalent to what some
folks are calling "fast flux", i.e. all the malicious uses.

Doing a search in Google for "bunny rabbit networks" reveals no
results, so it looks like a term that can be used without conflicting
with any prior usage.

Email #2:

Hi Dave,

On Fri, Aug 8, 2008 at 10:33 AM, Dave Piscitello
<dave.piscitello@xxxxxxxxx> wrote:
> I'm OK with the bunny rabbit thing.
>
> All I ask is that when you use fast flux, you use it in the context of the
> definition we've adopted.

Agreed. I'll do so from now on, but as the chronology demonstrates,
there's been a void in describing the non-criminal aspects, and
hopefully now that we have a proper term to call the underlying
technology (content agnostic) we can avoid confusion (although some
people will still refer to fast flux using a broader definition; just
not us).

> Utter bunny rabbit, phlorx, or whatever you choose when you want to talk
> about a network that uses short TTLs but lacks  the other characteristics we
> associate with fast flux.
>
> Bunny rabbit network might actually work, since few people associate bunnies
> with bad acts.

Right, most bunnies are fluffy and cute. But, then you have other
bunnies......see the movie "Hoodwinked", for example:

http://www.imdb.com/title/tt0443536/

or Donnie Darko!

http://www.imdb.com/title/tt0246578/

Conference call in 15 minutes....ciao.

Sincerely,

George Kirikos
www.LEAP.com

References:
- Re: [gnso-ff-pdp-may08] Abuse in general
  - From: RLVaughn
- Re: [gnso-ff-pdp-may08] Abuse in general
  - From: Dave Piscitello

<<< Chronological Index >>> <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy