summarising [was: Re: ICANNs role]

Douglas Otis dotis at mail-abuse.org
Wed Apr 4 01:13:18 UTC 2007



On Apr 3, 2007, at 3:29 PM, Sam Stickland wrote:
>
> Maybe it would make sense for someone to reiterate what types of  
> abuse DNS is facilitating? I believe what Gadi was getting at was  
> mainly the ability to use fake details to register a domain, and  
> then very rapidly cycling the A records through a wide range of  
> hosts, attempting to avoid detection. As opposed to there actually  
> being fundamental flaws open to abuse in a system that maps names  
> to IP addresses.

Despite doubts several stated about creating a fairly comprehensive  
view of the Internet landscape, dedicated systems working in unison  
do keep fairly close tabs on what is what.  Threat information is  
then pushed to the edge (as some would call it).  The abuse of  
registries has been able to thwart the effectiveness in dealing with  
much of the threat landscape as it undergoes a transformation every  
few minutes.  The latency in distributing threat information prevents  
its protection from being as effective as it should be when facing  
undefined threats within a rapidly transforming environment.

No one wants to wait for security checks while browsing.  This  
information must be preprocessed and "at the ready", or the Internet  
starts to feel rather slow and broken.  Slowing down registry  
updates and even providing a preview of upcoming changes will allow  
security to become much faster in providing comprehensive answers,  
and make browsing seem unimpaired (as it should be).

There is no need for rapid unannounced updates by the registries.   
Getting a commerce site set up in milliseconds all too often benefits  
those wishing to abuse this immediacy.  Would it really be that hard  
to say "Confirm the operation of DNS for this website at this time  
tomorrow."?  Just because this information can be published within a  
few milliseconds does not make doing so a good idea.  It would be  
better for security reasons to offer this information for review  
first, well before it goes "live".

The price for pushing protective information to the edge by just one  
company fighting this blitzkrieg is simply astounding.  In addition,  
there are costs incurred by the reduced protection caused as well.   
Whether it is click fraud, botnet C&Cs, phishing sites, etcetera,  
etcetera.  Slowing registries and offering a preview can dramatically  
shift the balance in this faltering struggle.  There are many  
security concerns that can make extremely good use of this  
information without depending upon some centralized policing that  
never seems to be sufficient or effective as to be noticeable.

It is not obvious how the daily 5 million domain name churn driven by  
an astoundingly high level of fraud and identity theft can be slowed.   
Perhaps we will all soon need a cryptographic fob instead of a wrist  
watch to accompany our other pieces of identification.  Stabilizing  
the landscape can better ensure system owners have a better idea when  
they are entering dangerous territory.  This alone should help them  
keep their systems as safe as possible in the face of unknown  
threats.  Tracking all this information may seem daunting, but is  
there any other practical alternative?

-Doug
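An added example, not part of Doug's message or the thread: given constructed passive-DNS observations, it measures how quickly each name's A record is cycled through distinct addresses (the pattern Sam describes above), so a defender can flag such names for review while waiting for threat information to arrive. The sample data, the log format and the thresholds are assumptions.

```python
"""Flag names whose A records are cycled rapidly through many hosts.
The observations below are constructed sample data, one per line:
"<ISO timestamp> <name> A <address>"."""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2007-04-03T10:00:00 shop.example A 192.0.2.10
2007-04-03T10:05:00 shop.example A 192.0.2.10
2007-04-03T10:00:00 flux.example A 198.51.100.1
2007-04-03T10:02:00 flux.example A 198.51.100.2
2007-04-03T10:04:00 flux.example A 198.51.100.3
2007-04-03T10:06:00 flux.example A 198.51.100.4
2007-04-03T10:08:00 flux.example A 198.51.100.5
2007-04-03T10:10:00 flux.example A 198.51.100.1
"""


def parse_observations(text):
    """Yield (timestamp, name, address) for each A-record observation."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "A":
            continue  # skip malformed lines and other record types
        yield datetime.fromisoformat(parts[0]), parts[1], parts[3]


def a_record_churn(observations):
    """Per name: (address changes, distinct addresses, observed time span)."""
    by_name = defaultdict(list)
    for ts, name, addr in observations:
        by_name[name].append((ts, addr))
    stats = {}
    for name, rows in by_name.items():
        rows.sort()  # chronological order before counting transitions
        changes = sum(1 for (_, prev), (_, cur) in zip(rows, rows[1:]) if prev != cur)
        distinct = len({addr for _, addr in rows})
        span = rows[-1][0] - rows[0][0]
        stats[name] = (changes, distinct, span)
    return stats


def flag_fast_flux(text, min_changes=3, min_distinct=3, max_span=timedelta(hours=1)):
    """Names whose A record changed at least min_changes times across at least
    min_distinct addresses within max_span (thresholds are illustrative)."""
    stats = a_record_churn(parse_observations(text))
    return sorted(name for name, (changes, distinct, span) in stats.items()
                  if changes >= min_changes and distinct >= min_distinct
                  and span <= max_span)
```

On the sample data only flux.example is flagged (five address changes across five hosts in ten minutes); shop.example keeps a single stable address.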