Re: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)
- To: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>, "icann@xxxxxxxxxxxxxx" <icann@xxxxxxxxxxxxxx>
- Subject: Re: [gnso-ff-pdp-may08] Re: Mannheim score concerns (minority view)
- From: Dave Piscitello <dave.piscitello@xxxxxxxxx>
- Date: Thu, 18 Sep 2008 05:09:33 -0700
Speaking as an individual, not SSAC nor ICANN staff...
Joe reminds me that one of the characteristics of domains associated with fast
flux attack networks is registration information that is incomplete,
inaccurate, or fraudulently created. I would propose that we add this to the
list of characteristics I submitted.
I also think it's helpful to observe that by adding this, we have 2
characteristics that distinguish attack applications of FF from beneficial
applications:
* elements of the attack network run on compromised computers
* whois records are fraudulently created (e.g., using stolen identities or
payment methods)
Based on the discussion among at least 4 members in this thread, I would hope
we could also observe that
* incomplete or inaccurate whois records are problematic because such
records can be found among malefactors who run FF networks for attack purposes
as well as parties who use FF for beneficial purposes
* malefactors benefit from registration documentation practices that are not
effective in collecting and maintaining accurate and complete registration
records, and thus...
* efforts to maintain more accurate and complete registration records from
registrants is one of several actions that could reduce domain name misuse and
to some extent, also reduce the use of domain names in the fast flux attacks.
This is not saying "change WHOIS" but saying "take measures to improve the
quality of data collected, maintained, and published via WHOIS". I think this
is within our remit, perhaps Liz or Chuck or Avri could confirm.
On 9/18/08 1:10 AM, "Joe St Sauver" <joe@xxxxxxxxxxxxxxxxxx> wrote:
Mike Rodenbaugh mentioned:
#I agree with Dave re registration verification, and that is an important
#potential remedy or best practice to elaborate upon in our Report.
"Me three" on this point.
One procedural issue, however: I distinctly recall that early on
stuff related to whois (and I view registration verification as
being intimately related to the whois topic) as being declared
"out of scope."
Has that/can that declaration be rescinded? If so, I think that
would be GREAT, because there is a clear pattern that the folks
who do criminal fast flux also tend to have bad/missing whois,
and having whois-related fixes in scope would really free up
the set of potential solutions which could be potentially pursued.
Regards,
Joe