Q: What do ISPs really think about security issues?

Eric Brunner-Williams brunner at nic-naa.net
Thu Jan 10 19:39:08 UTC 2008


Paul (and the list, in the off chance my mail makes it to the list),

In defense of NetSol's practice of "frontrunning" (run whois for some 
wicked unlikely name, say n digits of pi, observe if unregistered, if 
not, then go to NetSol's retail registrar site and check that string is 
available, say in the .com zone, do nothing else, then run the whois 
again and observe if the string is still available), the following claim 
has been made:

begin quote:
We are protecting our customers who come to our website, check
availability of a name, and come back a few hours or a day later with
the intention to purchase to find that the name is no longer available,
as it has been taken by a taster. In such cases, the customer typically
blames the registrar. In reality, however, the search information was
sold to the taster by a registry or ISP and was not the registrar's
fault.
end quote.

The "in reality" portion of this assertion is the one I'm interested in 
-- the assertion that "search information was sold ... by a ... ISP".

At the last open SSAC meeting (ICANN Los Angeles, November 2007), there 
was considerable interest in "frontrunning", but no one could point to 
anything other than anecdotal "evidence" for the existence, let alone 
the scope of "frontrunning", and personally I thought it was like 
Bigfoot, a non-issue pumped up at the expense of known existing issues. 
Obviously, I can't tell a hawk from a handsaw.

Can anyone confirm, or deny, that some ISP sells "search information" 
which is sufficiently timely to support the claim above, that is, that 
(problematic use of the "add grace period") registration(s) by "domain 
tasters" can be correlated with the ISP?

Nominally, "frontrunners" are Bad Guys (tm), or at least that was the 
hum-of-the-SSAC room in LA last November, and also nominally, "tasters" 
are Bad(ish) Gals (tm), and in general, the assertion is that there are 
bad actors who pay ISPs for data necessary for bad actions.

Note that I assume there are "bad registrars", as we've now over 1k of 
the little darlings now, and some are shells for the secondary auction 
market and the 2pm VGRS drop, and some are shells for other, more novel 
forms of monetizing a registrar accreditation that do not involve 
offering registrations to the public.

Eric
(yes, I operate a registrar which neither frontruns nor tastes nor does 
bulk blind sales nor ... makes money)

Paul Ferguson wrote:
> As some of you may know, my primary job these days is tracking down
> Bad Guys (tm), identifying threats, etc.
>
> But enough of that.
>
> One of my primary concerns has been, unsuccessfully, engaging the
> networking community.
>
> Why is that?
>
> This "issue" is not imagined, nor is it a scare tactic -- it has,
> for lack of a better analogy, grown in proportions only proportional
> to the lack of engagement from ISPs.
>
> ISPs have really, really been absent from the discussion, for various
> reasons.
>
> Is this a topic that the NANOG community would like to discuss in
> a serious manner?
>
> I'm just curious, because I'm considering submitting a "lightning
> talk" at the upcoming San Jose NANOG, just to gauge & present some
> of the major issues that we are seeing that could really use your
> assistance.
>
> Any input?
>
> - - ferg
>
> p.s. Oh, highly recommended video short (bigger bonus: Marcus
> Ranum cameo):
>
> http://www.youtube.com/watch?v=-5zxOLZ5jXM
>
>  
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg(at)netzero.net
>  ferg's tech blog: http://fergdawg.blogspot.com/