ICANN Email List Archives

[gnso-ff-pdp-may08]



RE: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)

  • To: <gnso-ff-pdp-May08@xxxxxxxxx>
  • Subject: RE: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)
  • From: "Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx>
  • Date: Wed, 17 Sep 2008 17:53:46 -0700

I agree with Dave re registration verification, and that is an important
potential remedy or best practice to elaborate upon in our Report.

-Mike R.

-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave Piscitello
Sent: Wednesday, September 17, 2008 2:26 PM
To: Joe St Sauver; fastflux@xxxxxxxx
Cc: gnso-ff-pdp-May08@xxxxxxxxx
Subject: Re: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)


On 9/17/08 5:08 PM, "Joe St Sauver" <joe@xxxxxxxxxxxxxxxxxx> wrote:

> Actually, I *don't* think changes on the legitimate side of things would
> evolve to look more flux-like -- you simply wouldn't see that many
> distinct ASNs in use, for example. (But I continue to be very interested
> in actual examples of this sort of thing that I can eyeball and analyze)

This is an important observation, backed in part by at least one data set I
posted earlier: of the domains associated with fast flux attack networks,
635 had IP addresses from 200+ ASNs. That's a whole lotta ASNs for any CDN,
for example, to deal with.

> Publicly verifiable data is a must I think.

I have the spreadsheets with the domains, you can work back from them if you
wish.


> #One would
> #think that since they can continue registering new domains easily,

This is the part of the attack vector I wish registrars would pay more
attention to. The business side wants to register names in real time.
Revenue takes precedence over verification. Why does it matter so little
that the identity's impersonated or the credit card is stolen? Is the cost
of doing business based on asserting an identity using even so simple a
measure as an email confirmation so onerous? Personally, I think domains
should cost more to register (heresy?) and the added cost should offer the
registrant and users better protection against fraud and abuse.




