Re: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)

[Dave Piscitello <dave.piscitello@xxxxxxxxx>]

On 9/17/08 5:08 PM, "Joe St Sauver" <joe@xxxxxxxxxxxxxxxxxx> wrote:

> Actually, I *don't* think changes on the legitimate side of things would
> evolve to look more flux-like -- you simply wouldn't see that many
> distinct ASNs in use, for example. (But I continue to be very interested
> in actual examples of this sort of thing that I can eyeball and analyze)

This is an important observation, backed in part by at least one data set I
posted earlier: of the domains associated with fast flux attack networks,
635 had IP addresses from 200+ ASNs. That's a whole lotta ASNs for any CDN,
for example, to deal with.

> Publicly verifiable data is a must I think.

I have the spreadsheets with the domains, you can work back from them if you
wish.


> #One would
> #think that since they can continue registering new domains easily,

This is the part of the attack vector I wish registrars would pay more
attention to. The business side wants to register names in real time.
Revenue takes precedence over verification. Why does it matter so little
that the identity's impersonated or the credit card is stolen? Is the cost
of doing business based on asserting an identity using even so simple a
measure as an email confirmation so onerous? Personally, I think domains
should cost more to register (heresy?) and the added cost should offer the
registrant and users better protection against fraud and abuse.