ge at linuxbox.org
Tue Mar 14 09:47:16 UTC 2006
Simon Waters wrote:
So.. ICANN, the domain name's importance to phishing and what registrars
can do, in that order.
> I thought we established last month that deleting domain names is a very good
> way of messing up the entire Internet. See the thread on losing entire data
The domain today is the weak spot we need to hit. Using fast-flux,
spammers (phishers), VX-ers, etc. jump from IP to IP even every 10
minutes. Whack-a-mole itself becomes impossible.
Kill the domain (or the DNS RR) and you destroy the bottle-neck.
Bad guys already seem to be bouncing back from the blacklisting of
entire bulk registrations. They used to say, register 5K domains and use
them as throw-away. Now we can black-list all of them ahead of time. Or
at least we could do so, now they are already bouncing back with their
new evolution in the whack-a-mole game.
Terminate a DNS RR and they just create new ones, but the short-term
effect, if you can make it happen, it worth it for TODAY.
Terminate the domains (one doesn't really help) and you cost them money.
> If you have any useful proposals on how registrars might be of use in
> defending against botnets, I'm sure ICANN and friends are all ears. But
> unless you've found an amplification attack using whois servers, it probably
> isn't something the registrars can help you with.
ICANN from the part I know them - the registrars and security front, are
good people. They do good under their own constraints. We should stick
to putting them down for so called "governance" issues.
ICANN domain termination though is a useless process in practicality.
> There is some discussion on phishing, but even here it isn't clear what a
> registrar could do, and most phishing these days doesn't involve the
> registrars at all.
I am not sure what the numbers are, but most phishing seems to involve
this or that registrar. Many of the registrars today are extremely
responsive. Godaddy showed that much, despite what people may think of
their actions. I wonder, did we ever get their side of the story?
All that aside, as I don't want to start that war again, many of the key
registrars today are sitting on the reg-ops operational list and respond
to new reports in semi-real time. They can't deal with the volume due to
obvious limitations in how the process works, but anything reported to
them gets checked into in a reasonable time, and acted upon.
There are some blackhat registrars (mostly resellers), but that wasn't
what we were discussing.
> Randy's original comment was misplaced, it was the content, not the domain
> name he was objecting to. Deleting domain names is a very extreme, and oft
> times ineffective, way of trying to remove content.
> We've have enough trouble with ISPs with knee-jerk reactions to objectionable
> content, we don't need registrars adopting the same daft policies, or the
> Internet would collapse in a few weeks.
The Internet is not going to die tomorrow.
The domains reported are 2 out of a ... a lot, today alone. I think
maybe we should all start sending in every bad domain we find into
Sorry for the wake-up call, but how many domains out of those registered
do you figure are legit or have legit contact information?
More information about the NANOG