ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and Next Steps

  • To: rod.rasmussen@xxxxxxxxxxxxxxxxxxxx
  • Subject: Re: [gnso-ff-pdp-may08] Comment References, Interim Conclusions and Next Steps
  • From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 3 Jun 2009 10:29:42 -0700

Rod mentioned:

#  In conclusions, I think we had an important consensus that, "any
#  automated technique for detecting fast flux domains requires human
#  interpretation of the results and examination of the evidence to
#  confirm the presence of malicious or proscribed activities."

I'd disagree with that. Using the Mannheim Formula, you can automatically
screen domains for fast flux characteristics, and you only need human
review as a belt-and-suspenders backup to insure that you don't 
accidentally tag something that shouldn't be tagged (false positive).

It is the difference between "every antique painting submited to be 
auctioned needs to be carefully scrutinized by a specially trained 
anti-forgery expert using complex and arcane methods" to "anyone 
can spot at least some forgeries by virtue of the fact that rather
than being painted on canvas, they're printed on heavy paper stock
with a Posters-R-Us barcode on the back."

There's also a risk of false negatives (missing a real FF domain that
doesn't trigger the formula, although it is hard to see how that might
work if we're really talking about a true fastflux domain). 

Regards,

Joe



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy