warfare and the Internet [was: ICANN opens up Pandora's Box of new TLDs]
Gadi Evron
ge at linuxbox.org
Sat Jun 28 05:49:27 UTC 2008
I forgot to change the subject line, apologies.
On Sat, 28 Jun 2008, Gadi Evron wrote:
> On Fri, 27 Jun 2008, Tomas L. Byrnes wrote:
>>
>> I just know who should be held for further processing @ the gate.
>
> This is getting off-topic, so let's continue the discussion for a couple more
> emails to see if we can bring it back on-topic to network operations, and
> then stop if not?
>
>> Which is good enough, in this case.
>>
>> "What is the object of defense? Preservation. It is easier to hold
>> ground than take it. . . defense is the stronger form of waging war"
>>
>> Carl Von Clausewitz
>
> Which, while valid in many cases, some of them on the Internet, is in most
> online cases--false. This is a statement by someone much lesser than
> Clausewitz--me.
>
> It is however, an educated opinion, and chronologically up to date.
>
> Attack is a much easier form of fighting, online (let's leave war out of it).
> For the sake of logic I will base this on two discussion points:
>
> In security, all you need to attack is one hole, one vulnerability. As a
> defender you need to defend against everything, anywhere. This is why risk
> analysis exists, which brings us to another point from Karl--
>
> Changing the words to fit our needs, Clausewitz also believed wars are won by
> numbers, if you have more you win (Think the American Civil War). Strategy
> starts when you have less numbers, by where you choose to apply your
> forces--where it counts. Tying it with the point above is the basics of risk
> analysis in military terms.
>
> In security and information warfare, while numbers are "nice to have" and
> make operations larger and more sophisticated--they are not necessary, our
> rivals may be just a kid the same as they can be a nation-state. The cost of
> entry is low, anonymity is potentially (under the right conditions) assured.
>
> In my article for the Georgetown Journal of International Affairs on the war
> in Estonia, I mentioned how Martin van Creveld said decades ago how we will
> be facing "organizations" rather than just countries. He was laughed at and
> later obviously vindicated (think terrorism as one example).
>
> Today it's much worse than that, and I state the game can be played by
> individuals, ad-hoc groups and populations (not necessarily under any flag or
> leadership, think Estonia).
>
> Gadi.
>
>
>>
>>
>>> -----Original Message-----
>>> From: Gadi Evron [mailto:ge at linuxbox.org]
>>> Sent: Friday, June 27, 2008 8:33 PM
>>> To: Tomas L. Byrnes
>>> Cc: Christopher Morrow; Roger Marquis; nanog at nanog.org
>>> Subject: RE: ICANN opens up Pandora's Box of new TLDs
>>>
>>> On Fri, 27 Jun 2008, Tomas L. Byrnes wrote:
>>>> These issues are not separate and distinct, but rather related.
>>>>
>>>> A graduated level of analysis of membership in any of the sets of:
>>>>
>>>> 1: Recently registered domain.
>>>>
>>>> 2: Short TTL
>>>>
>>>> 3: Appearance in DShield, Shadowserver, Cyber-TA and other sensor lists.
>>>>
>>>> 4: Invalid/Non-responsive RP info in Whois
>>>>
>>>> Create a pretty good profile of someone you probably don't want to
>>>> accept traffic from.
>>>>
>>>> Conflation is bad, recognizing that each metric has value, and some
>>>> correlation of membership in more than one set has even more value, as
>>>> indicating a likely criminal node, is good.
>>>>
>>>> YMMV.
>>>>
>>>> I guess, if you have perfect malware signatures, code with no errors,
>>>> and vigilance the Marines on the wire @ gitmo would envy, you can
>>>> accept traffic from everywhere.
>>>
>>> Not quite, because you still won't know who to send the Marines to
>>> kill.
>>> The Internet is perfect for plausible deniability.
>>>
>>> Gadi.
>>>
>>>>
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: Christopher Morrow [mailto:morrowc.lists at gmail.com]
>>>>> Sent: Friday, June 27, 2008 7:23 PM
>>>>> To: Roger Marquis
>>>>> Cc: nanog at nanog.org
>>>>> Subject: Re: ICANN opens up Pandora's Box of new TLDs
>>>>>
>>>>> On Fri, Jun 27, 2008 at 4:32 PM, Roger Marquis <marquis at roble.com>
>>>>> wrote:
>>>>>> Phil Regnauld wrote:
>>>>>> apply even cursory tests for domain name validity. Phishers and
>>>>>> spammers will have a field day with the inevitable namespace
>>>>>> collisions. It is, however, unfortunately consistent with ICANN's
>>>>>> inability to address other security issues such as fast flush DNS,
>>>>>> domain tasting (botnets), and requiring valid domain contacts.
>>>>>>
>>>>>
>>>>> Please do not conflate:
>>>>>
>>>>> 1) Fast flux
>>>>> 2) Botnets
>>>>> 3) Domain tasting
>>>>> 4) valid contact info
>>>>>
>>>>> These are separate and distinct issues... I'd point out that FastFlux
>>>>> is actually sort of how Akamai does its job (inconsistent dns
>>>>> responses), Double-Flux (at least the traditional DF) isn't though
>>>>> certainly Akamai COULD do something similar to Double-Flux (and
>>>>> arguably does with some bits their services. The particular form
>>>>> 'Double-Flux' is certainly troublesome, but arguably TOS/AUP info at
>>>>> Registrars already deals with most of this because #4 in your list
>>>>> would apply... That or use of the domain for clearly illicit ends.
>>>>> Also, perhaps just not having Registrars that solely deal in
>>>>> criminal activities would make this harder to accomplish...
>>>>>
>>>>> Botnets clearly are bad... I'm not sure they are related to ICANN in
>>>>> any real way though, so that seems like a red herring in the
>>>>> discussion.
>>>>>
>>>>> Domain tasting has solutions on the table (thanks drc for
>>>>> linkages) but was a side effect of some
>>>>> customer-satisfaction/buyers-remorse loopholes placed in the
>>>>> regs... the fact that someone figured out that computers could be
>>>>> used to take advantage of that loophole on a massive scale isn't
>>>>> super surprising. In the end though, it's getting fixed, perhaps
>>>>> slower than we'd all prefer, but still.
>>>>>
>>>>>> I have to conclude that ICANN has failed, simply failed, and should
>>>>>> be returned to the US government. Perhaps the DHL would at least
>>>>>> solicit for RFCs from the security community.
>>>>>
>>>>> I'm not sure a shipping company really is the best place to
>>>>> solicit... or did you mean DHS? and why on God's green earth would
>>>>> you want them involved with this?
>>>>>
>>>>> -chris
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
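
The graduated, multi-set analysis described in the quoted thread (recent registration, short TTL, sensor-list appearance, bad Whois contact), sketched as an added example that is not part of any poster's message. The thresholds, field names, action names and sample records are assumptions constructed for illustration; note that a short TTL alone, as with a CDN, does not trigger a hold.

```python
from dataclasses import dataclass
from datetime import date

# Assumed cut-offs (not from the thread); tune against local traffic.
NEW_DOMAIN_DAYS = 30
SHORT_TTL_SECONDS = 300

@dataclass
class Observation:
    domain: str
    registered: date        # registration date from Whois
    ttl: int                # seconds, as seen in the DNS answer
    sensor_lists: tuple     # sensor feeds that list the source, if any
    whois_contact_ok: bool  # responsible-party info present and responsive

def indicators(obs, today):
    """Return which of the four sets from the thread this source falls in."""
    hits = set()
    if (today - obs.registered).days <= NEW_DOMAIN_DAYS:
        hits.add("recent_registration")
    if obs.ttl <= SHORT_TTL_SECONDS:
        hits.add("short_ttl")
    if obs.sensor_lists:
        hits.add("sensor_listed")
    if not obs.whois_contact_ok:
        hits.add("bad_whois_contact")
    return hits

def disposition(obs, today):
    """Graduated response: membership in a single set never holds traffic."""
    hits = indicators(obs, today)
    if len(hits) >= 3:
        action = "hold"      # held for further processing at the gate
    elif len(hits) == 2:
        action = "inspect"   # correlation of two sets: look closer
    else:
        action = "accept"
    return action, sorted(hits)

# Constructed sample records (reserved .example names, invented values).
TODAY = date(2008, 6, 28)
SAMPLES = [
    Observation("cdn.example", date(2001, 3, 1), 20, (), True),
    Observation("fresh.example", date(2008, 6, 23), 60, ("DShield",), False),
    Observation("old-listed.example", date(2005, 1, 10), 3600, ("Shadowserver",), False),
]

if __name__ == "__main__":
    for obs in SAMPLES:
        print(obs.domain, *disposition(obs, TODAY))
```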