-Original Message-
Sent: Monday, April 02, 2007 9:36 PM
To: David Conrad
Cc: Joseph S D Yao; nanog
Subject: Re: On-going Internet Emergency and Domain Names
On Mon, 2 Apr 2007, David Conrad wrote:
On Apr 2, 2007, at 7:12 PM, Joseph S D Yao wrote:
On Mon, Apr 02, 2007 at 05:33:08PM
On Sat, 2007-04-07 at 14:43 -0500, Frank Bulk wrote:
One of the reasons that registrars are slow to take down sites that are paid
with a credit card is because there is little financial incentive to do
so.
Also there is the customer numbers effect, most often seen with public
companies or
Paul Vixie wrote:
...
Back to reality and 2007:
In this case, we speak of a problem with DNS, not sendmail, and not bind.
As to blacklisting, it's not my favorite solution but rather a limited
alternative I also saw you mention on occasion. What alternatives do you
offer which we can use
On Mon, 2 Apr 2007, David Conrad wrote:
Even if a delay were imposed, I'm not sure I see how this would actually help
as I would assume it would require folks to actually look at the list of newly
created domains and discriminate between the ones that were created for good
and the ones
On Tue, Apr 03, 2007, Tony Finch wrote:
On Mon, 2 Apr 2007, David Conrad wrote:
Even if a delay were imposed, I'm not sure I see how this would actually
help
as I would assume it would require folks to actually look at the list of
newly
created domains and discriminate between
On 2 Apr 2007, at 21:21, Lasher, Donn wrote:
Rather, I thought a lot more providers would actually be blocking
outbound
25 except to their SMTP servers. Just brought up a new mail server
for a
friend; moved an old (14+ year) domain.. I was amazed at the number of
connections from rr.com,
On Tue, 3 Apr 2007, Adrian Chadd wrote:
On Tue, Apr 03, 2007, Tony Finch wrote:
On Mon, 2 Apr 2007, David Conrad wrote:
Even if a delay were imposed, I'm not sure I see how this would actually
help
as I would assume it would require folks to actually look at the list of
I think this might be a bit in conflict with efforts
registries have
to reduce the turnaround in zone modification to the order
of tens of
minutes.
Why is this necessary? Other than the cool factor.
I think the question is why should the Internet be constrained to
engineering
On Tue, 2007-04-03 at 12:43 +0100, [EMAIL PROTECTED] wrote:
Well, I think the question is, why do new domain additions have to be
lumped in with all other zone changes and updated within minutes? Why
can't new domain additions be treated specially and be held back for a
day or two in order to
created domains and discriminate between the ones that were created for good
and the ones created for ill. How would one do this?
A good start would be to forbid the delegation of newly-registered
domains that have not yet been paid for.
I am not aware of any registrars that extend credit
Gadi,
4 days and 56 messages later... no pieces of the sky have hit me on the head
yet. Trolling NANOG-L is as productive as ever. How long until you troll us
again? Will it be another INTERNET EMERGENCY or just a provocative
statement that starts a 50-message OT argument about botnets?
On Wed, 4 Apr 2007, Albert Meyer wrote:
Gadi,
4 days and 56 messages later... no pieces of the sky have hit me on the head
yet. Trolling NANOG-L is as productive as ever. How long until you troll us
again? Will it be another INTERNET EMERGENCY or just a provocative
statement that
On 1-Apr-2007, at 22:30, Gadi Evron wrote:
But building a wall to protect your port from attacks by pirates
will not
make the pirates go away, and unfortunately, we can't convince
everybody
to build walls and our security is nowadays dependent on others'.
If you consider the possibility
On Mon, 2 Apr 2007, Joe Abley wrote:
On 1-Apr-2007, at 22:30, Gadi Evron wrote:
But building a wall to protect your port from attacks by pirates
will not
make the pirates go away, and unfortunately, we can't convince
everybody
to build walls and our security is nowadays
You got me there. I will add:
You can NEVER make the Pirates go away but;
You can make sure they never enter your seas
At which point, they take to land. The real issue at heart here is that some
people wish to pursue evil means, and will change tactics and seek out
weaknesses wherever they
On 1-Apr-2007, at 22:30, Gadi Evron wrote:
But building a wall to protect your port from attacks by pirates
will not
make the pirates go away, and unfortunately, we can't convince
everybody
to build walls and our security is nowadays dependent on others'.
If you consider the
On Mon, 2 Apr 2007, Andy Johnson wrote:
weaknesses wherever they may find them. Today it might be weak verification
of domain registry infrastructure, tomorrow it might be exploiting some p2p
network.
so, what exactly is the problem with registrations? One of the problems I
see is with a
On Apr 1, 2007, at 8:15 PM, Roland Dobbins wrote:
On Apr 1, 2007, at 6:16 PM, Douglas Otis wrote:
Reacting to new domains after the fact is often too late.
What happens when they're wrong?
Most assessments are fairly straightforward. As with any form of
protection, there may be
so, what exactly is the problem with registrations? One of the problems I
see is with a seeming lack of follow-through on fraudulently purchased
domains. Another is a seemingly long time to remove domains that are 'up
to no good'.
Agreed with on both points. See below for view of the
You got me there. I will add:
You can NEVER make the Pirates go away but;
You can make sure they never enter your seas
Enough analogies though. :)
The Flying Spaghetti Monster is not at all happy about this talk of
stopping pirates. He will likely smite you all with his noodly appendage.
On Apr 1, 2007, at 6:16 PM, Douglas Otis wrote:
Until Internet commerce requires some physical proof of identity,
fraud
will continue.
As has already been stated, this is hardly a guarantee.
It seems to me that we're in danger of straying into déformation
professionnelle.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Peter Dambier
Sent: Saturday, March 31, 2007 4:46 AM
To: nanog@merit.edu
Subject: Re: On-going Internet Emergency and Domain Names
Port 25 is bad. It has been blocked.
I thought that.
Rather, I thought
On Apr 2, 2007, at 11:07 AM, Roland Dobbins wrote:
On Apr 1, 2007, at 6:16 PM, Douglas Otis wrote:
Until Internet commerce requires some physical proof of identity,
fraud will continue.
As has already been stated, this is hardly a guarantee.
It seems to me that we're in danger of
On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
The recommendation was for registries to provide a preview of the
next day's zone. A preview can reduce the amount of protective
data required, and increase the timeframe allotted to push
correlated threat information to the edge. This
On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
The recommendation was for registries to provide a preview of the
next day's zone.
I think this might be a bit in conflict with efforts registries have
to reduce the turnaround in zone modification to the order of tens of
minutes.
Rgds,
-- David Conrad [EMAIL PROTECTED] wrote:
On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
The recommendation was for registries to provide a preview of the
next day's zone.
I think this might be a bit in conflict with efforts registries have
On Fri, Mar 30, 2007 at 09:18:07PM -0500, Gadi Evron wrote:
There is a current on-going Internet emergency: ...
Having just read and deleted somewhere between 100 and 400 messages on
this, I don't really want to add to the noise. I hope there's some
signal here.
One thing is clear, that Gadi
On Mon, Apr 02, 2007 at 05:33:08PM -0700, David Conrad wrote:
On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
The recommendation was for registries to provide a preview of the
next day's zone.
I think this might be a bit in conflict with efforts registries have
to reduce the
On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote:
On Sun, 1 Apr 2007, David Conrad wrote:
On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote:
I'm not clear what this realm actually is.
Abuse and Security (non infrastructure).
Well, ICANN is supposed to look after the security and stability of
the
On Apr 2, 2007, at 7:12 PM, Joseph S D Yao wrote:
On Mon, Apr 02, 2007 at 05:33:08PM -0700, David Conrad wrote:
I think this might be a bit in conflict with efforts registries have
to reduce the turnaround in zone modification to the order of tens of
minutes.
Why is this necessary? Other
From: David Conrad [EMAIL PROTECTED]
Subject: Re: On-going Internet Emergency and Domain Names
Date: Mon, 2 Apr 2007 17:33:08 -0700
On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote:
The recommendation was for registries to provide a preview of the
next day's zone.
I think this might
On Mon, 2 Apr 2007, David Conrad wrote:
On Apr 2, 2007, at 7:12 PM, Joseph S D Yao wrote:
On Mon, Apr 02, 2007 at 05:33:08PM -0700, David Conrad wrote:
I think this might be a bit in conflict with efforts registries have
to reduce the turnaround in zone modification to the order of
On Mon, 2 Apr 2007, David Conrad wrote:
On Apr 2, 2007, at 7:12 PM, Joseph S D Yao wrote:
On Mon, Apr 02, 2007 at 05:33:08PM -0700, David Conrad wrote:
I think this might be a bit in conflict with efforts registries have
to reduce the turnaround in zone modification to the order of
-- David Conrad [EMAIL PROTECTED] wrote:
On Apr 2, 2007, at 7:12 PM, Joseph S D Yao wrote:
On Mon, Apr 02, 2007 at 05:33:08PM -0700, David Conrad wrote:
I think this might be a bit in conflict with efforts registries have to
reduce the
On Apr 2, 2007, at 6:29 PM, David Conrad wrote:
On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote:
On Sun, 1 Apr 2007, David Conrad wrote:
On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote:
I'm not clear what this realm actually is.
Abuse and Security (non infrastructure).
Well, ICANN is
On Mon, Apr 02, 2007 at 09:53:19PM -0500, Robert Bonomi wrote:
...
This is getting far afield from 'network operations', but the underlying
issue is really quite simple: There are *NO*PENALTIES* for registering
'bogus' domains. The registry operator has -no- (financial) incentive
to
-- Joseph S D Yao [EMAIL PROTECTED] wrote:
See the aforementioned restock fees presented to ICANN. How much of a
disincentive would they be?
Not much, I would think.
http://www.icann.org/minutes/resolutions-22nov06.htm
Unless you have a more
On Apr 2, 2007, at 10:27 PM, Douglas Otis wrote:
The suggestion was to preview the addition of domains 24 hours in
advance of being published. This can identify look-alike and cousin
domain exploits, and establish a watch list when necessary. A preview
provides valuable information for
Correction:
-- Fergie [EMAIL PROTECTED] wrote:
-- Joseph S D Yao [EMAIL PROTECTED] wrote:
See the aforementioned restock fees presented to ICANN. How much of a
disincentive would they be?
Not much, I would think.
-- Patrick Giagnocavo [EMAIL PROTECTED] wrote:
On Apr 2, 2007, at 10:27 PM, Douglas Otis wrote:
The suggestion was to preview the addition of domains 24 hours in
advance of being published. This can identify look-alike and cousin
domain
On Sat, 31 Mar 2007, Jeff Shultz wrote:
Does that sound about right?
If ISPs cannot be forced into running a 24/7/365 response function, I
don't see the registry/registrars doing it.
Solving this at the DNS level is just silly, if you want to solve it it
either you get to the core (block
Fergie wrote:
I would posit that it does when criminals are able to abuse the
system.
Almost any system can be abused by people with bad intentions. I
am a strong advocate to not holding back on features, tools, new
technologies or whatever merely because someone could abuse with
it. The
On Sun, 1 Apr 2007, Mikael Abrahamsson wrote:
net today that has made it into the raging success it is today. It's not
perfect, but it works, and it doesn't have a single point of failure.
You just lost my respect for the remainder of this thread. :)
... and people have very bad
On Sat, 31 Mar 2007, Paul Vixie wrote:
at the other end, authority servers which means registries and registrars
ought, as you've oft said, be more responsible about ripping down domains
used by bad people. whether phish, malware, whatever. what we need is some
kind of public shaming
On Sun, 1 Apr 2007, Mikael Abrahamsson wrote:
If ISPs cannot be forced into running a 24/7/365 response function,
I don't see the registry/registrars doing it.
Maybe if a body with the proper authority to penalize the ISP's were
in order this wouldn't be an issue. Look at BGP dampening and
Summary:
The US Department of Homeland Security (DHS) ...
wants to have the key to sign the DNS root zone
solidly in the hands of the US government.
This ultimate master key would then allow
authorities to track DNS Security Extensions
(DNSSec) all the way back to the servers that
represent the
Paul Vixie wrote:
on any given day, there's always something broken somewhere.
in dns, there's always something broken everywhere.
The catch-phrases you come up with are delightful. Catchy and deeply useful.
Would that more folk would take them to heart, for their implications.
since
From: [EMAIL PROTECTED] (Dave Rand)
...
We are not fighting technology. We are dealing with very well organized,
smart, and well-funded people.
We need to focus on solutions that we can deploy, which will address the
problems at hand, as we discover them. That means we will deploy
On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote:
ICANN has not shown any interest or ability to effect change in
this realm.
I'm not clear what this realm actually is.
Rgds,
-drc
From: Dave Crocker [EMAIL PROTECTED]
To: Paul Vixie [EMAIL PROTECTED], nanog@merit.edu, Gadi Evron [EMAIL
PROTECTED]
Subject: Re: On-going Internet Emergency and Domain Names
offlist.
actually, not, according to the headers shown above.
Paul Vixie wrote:
a push-pull. first, advance
It is my understanding that the various domain registries answer
to ICANN policy
_Some_ registries answer to ICANN policy, those that have entered
into contracts with ICANN. Others, e.g., all the country code TLD
registries, don't. However, even in those cases in which there are
On Sunday 01 April 2007 00:35, Adrian Chadd wrote:
On Sat, Mar 31, 2007, Gadi Evron wrote:
On Sun, 1 Apr 2007, Adrian Chadd wrote:
Stop trying to fix things in the core - it won't work, honest - and
start trying to fix things closer to the edge where the actual problem
is.
Thing
On Sun, 1 Apr 2007, David Conrad wrote:
On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote:
ICANN has not shown any interest or ability to effect change in
this realm.
I'm not clear what this realm actually is.
Abuse and Security (non infrastructure). ICANN, as far as I understand,
manages
On Sunday 01 April 2007 01:42, you wrote:
Gadi Evron wrote:
Thing is, the problem IS in the core. DNS is no longer just being abused,
it is pretty much an abuse infrastructure. That needs to be fixed if
security operations on the Internet at their current effectiveness
(which is low as
You do realize this post is not about Microsoft or IE 0days, right?
I would prefer not to turn this into an OS flamefest, my only point is that
*this list* is not the proper venue to discuss this issue; nor the methods
that you suggest as a remedy, regardless of merit.
Again if the rest
-- Mattias Ahnberg [EMAIL PROTECTED] wrote:
Fergie wrote:
I would posit that it does when criminals are able to abuse the
system.
Almost any system can be abused by people with bad intentions. I
am a strong advocate to not holding back on
On Sun, 2007-04-01 at 08:41 -0700, David Conrad wrote:
It is my understanding that the various domain registries answer
to ICANN policy
_Some_ registries answer to ICANN policy, those that have entered
into contracts with ICANN. Others, e.g., all the country code TLD
registries,
On Apr 1, 2007, at 11:51 AM, Douglas Otis wrote:
Instituting
notification of domain name additions before publishing would enable
several preemptive defenses not otherwise possible.
How does this help? Are you saying that new domains somehow are
somehow to be judged based upon someone's
On Sun, 1 Apr 2007, Paul Vixie wrote:
I've got no heartburn about deploying these technologies at a customer level,
but my experience with both BIND's check-names facility and VeriSign's
sitefinder wildcard (*.COM) have taught me that it's best to creatively
rulebreak at the edge, and keep
On Sun, 2007-04-01 at 12:29 -0700, Roland Dobbins wrote:
On Apr 1, 2007, at 11:51 AM, Douglas Otis wrote:
Instituting notification of domain name additions before publishing
would enable several preemptive defenses not otherwise possible.
How does this help?
Information collected by
[EMAIL PROTECTED] (Gadi Evron) writes:
On Sun, 1 Apr 2007, Adrian Chadd wrote:
Stop trying to fix things in the core - it won't work, honest - and start
trying to fix things closer to the edge where the actual problem is.
Thing is, the problem IS in the core.
nope. read what he
[EMAIL PROTECTED] (Jeff Shultz) writes:
As I see it, the problem at hand is the current Windows 0day. What Gadi
is doing is concentrating on a tactic it is using to justify solving
what he sees as a more general problem (DNS abuse) that could be used by
an exploit to any operating system.
On Apr 1, 2007, at 3:36 PM, Douglas Otis wrote:
By ensuring data published by registries can be previewed, all
registrars would be affected equally.
But what is the probative value of the 'preview'? By what criteria
is the reputational quality of the domain assessed, and by whom?
It
On Sun, 1 Apr 2007, Douglas Otis wrote:
When functional information is not valid, such as incorrect name servers
or IP addresses, this would not impose an immediate threat. However,
basic functional information will trace to the controlling entity. Only
by being able to preview this
On Sun, 2007-04-01 at 16:42 -0700, Roland Dobbins wrote:
On Apr 1, 2007, at 3:36 PM, Douglas Otis wrote:
By ensuring data published by registries can be previewed, all
registrars would be affected equally.
But what is the probative value of the 'preview'? By what criteria
is the
On Sun, 01 Apr 2007 13:08:14 EDT, Donald Stahl said:
*Please don't think for a second I want to see the scammers given carte
blanche to do what they want- or that we shouldn't try to stop them- but
pretending we can solve the problem of user stupidity through technology
is disingenuous and
On Sun, 1 Apr 2007, Douglas Otis wrote:
Until Internet commerce requires some physical proof of identity, fraud
will continue. A zone preview approach can reduce related exploits and
associated crime, and the amount of information pushed to the edge.
What on earth makes you think that
On Mon, 2007-04-02 at 12:03 +1200, Simon Lyall wrote:
So assuming you get rid of tasting and reduce the flow of new names to
say 50,000 per day [1] exactly how are you going to preview these in any
meaningful sort of way?
A preview would not directly reduce a churn rate, although it might as
the more general problem is hard to agree about. i think it's that every
day neustar and afilias and verisign and the other TLD registries handle
many millions of new-domain transactions, most of which will never be paid
for (domain tasting)
Right.
and most of which are being held with
On Sun, 1 Apr 2007, Chris L. Morrow wrote:
On Sun, 1 Apr 2007, Paul Vixie wrote:
But, that's the DNS edge, I'm not ready to see the DNS core gain
features
like this. Or if they do come, I'd like them to come as a result of
consensus
driven protocol engineering (like inside the
On 1 Apr 2007, Paul Vixie wrote:
[EMAIL PROTECTED] (Gadi Evron) writes:
On Sun, 1 Apr 2007, Adrian Chadd wrote:
Stop trying to fix things in the core - it won't work, honest - and start
trying to fix things closer to the edge where the actual problem is.
Thing is, the problem
On Sun, 1 Apr 2007, Cat Okita wrote:
On Sun, 1 Apr 2007, Douglas Otis wrote:
Until Internet commerce requires some physical proof of identity, fraud
will continue. A zone preview approach can reduce related exploits and
associated crime, and the amount of information pushed to the edge.
On Apr 1, 2007, at 6:16 PM, Douglas Otis wrote:
Reacting to new domains after the fact is often too late.
What happens when they're wrong?
And who's 'they', btw? What qualifications must 'they' have? And
what happens if a registrar disagrees with 'them'? Or when 'they'
are
On Sun, 1 Apr 2007, Roland Dobbins wrote:
On Apr 1, 2007, at 6:16 PM, Douglas Otis wrote:
Reacting to new domains after the fact is often too late.
What happens when they're wrong?
And who's 'they', btw? What qualifications must 'they' have? And
what happens if a registrar
On 31 Mar 2007 06:09:30 +, Paul Vixie [EMAIL PROTECTED] wrote:
are we really going to stop malware by blackholing its domain names? if
so then i've got some phone calls to make.
That does seem to be the single point of failure for these malwares,
and for various other things besides
On Sat, Mar 31, 2007, Suresh Ramasubramanian wrote:
On 31 Mar 2007 06:09:30 +, Paul Vixie [EMAIL PROTECTED] wrote:
are we really going to stop malware by blackholing its domain names? if
so then i've got some phone calls to make.
That does seem to be the single point of failure for
On 3/31/07, Adrian Chadd [EMAIL PROTECTED] wrote:
.. just wait until they start living on in P2P trackerless type setups
and not bothering with temporary domains - just use whatever resolves to the
end-client. You'll wish it were as easy to track as accessing these websites
p2p based botnets
On Sat, Mar 31, 2007, Suresh Ramasubramanian wrote:
On 3/31/07, Adrian Chadd [EMAIL PROTECTED] wrote:
.. just wait until they start living on in P2P trackerless type setups
and not bothering with temporary domains - just use whatever resolves to
the
end-client. You'll wish it were as easy
On 3/31/07, Adrian Chadd [EMAIL PROTECTED] wrote:
p2p based botnets are already there, I'm afraid.
Shiny. Know any papers which have looked at it?
The recent storm worm for example seems to have had at least some p2p
functionality. There's a bunch of papers, ISC SANS posts etc that can
be
On 31 Mar 2007, Paul Vixie wrote:
whoa. this is like deja vu all over again. when [EMAIL PROTECTED] asked me
to
patch BIND gethostbyaddr() back in 1994 or so to disallow non-ascii host
names in order to protect sendmail from a /var/spool/mqueue/qf* formatting
vulnerability, i was fresh
On Sat, 31 Mar 2007, Gadi Evron wrote:
In this case, we speak of a problem with DNS, not sendmail, and not bind.
The argument can be made that you're trying to solve a windows-problem by
implementing blocking in DNS.
Next step would be to ask all access providers to block outgoing UDP/53
On Sat, 31 Mar 2007, Mikael Abrahamsson wrote:
On Sat, 31 Mar 2007, Gadi Evron wrote:
In this case, we speak of a problem with DNS, not sendmail, and not bind.
The argument can be made that you're trying to solve a windows-problem by
implementing blocking in DNS.
Next step would be
Paul Vixie wrote:
whoa. this is like deja vu all over again. when [EMAIL PROTECTED] asked me to
patch BIND gethostbyaddr() back in 1994 or so to disallow non-ascii host
names in order to protect sendmail from a /var/spool/mqueue/qf* formatting
vulnerability, i was fresh off the boat and did as
Port 25 is bad. It has been blocked.
Port 53 is bad. Some ISPs are already going to block it.
How about port 80?
I think port 80 should have been the first and only port to block.
Let the other ports stay alive.
And maybe a test for port 42 would be nice.
If port 42 is answered by an IEN 116
On Fri, 30 Mar 2007, Gadi Evron wrote:
There is a current on-going Internet emergency: a critical 0day
vulnerability currently exploited in the wild threatens numerous desktop
systems which are being compromised and turned into bots, and the domain
names hosting it are a significant part
On Sat, 31 Mar 2007 08:49:27 EDT, [EMAIL PROTECTED] said:
OK, so, do you officially declare the emergency? Should we all block the
domains listed on http://isc.sans.org/, is that an authoritative site of
botnet hunters? If so, there are couple of surprises for you.
baidu.com listed there is
On Sat, 31 Mar 2007 [EMAIL PROTECTED] wrote:
OK, so, do you officially declare the emergency? Should we all block the
This is an emergency incident on the scale of WMF, but no, it is indeed
being handled. I am raising the flag on an ever increasing problem with
DNS.
This latest incident
On Sat, 31 Mar 2007, Gadi Evron wrote:
domains listed on http://isc.sans.org/, is that an authoritative site
of botnet hunters? If so, there are couple of surprises for you.
baidu.com listed there is a chinese equivalent of google, who'd get
very upset if its domain name got revoked.
On Sat, Mar 31, 2007, Gadi Evron wrote:
On Sat, 31 Mar 2007 [EMAIL PROTECTED] wrote:
OK, so, do you officially declare the emergency? Should we all block the
This is an emergency incident on the scale of WMF, but no, it is indeed
being handled. I am raising the flag on an ever increasing
On Sat, 2007-03-31 at 06:16 -0500, Gadi Evron wrote:
Or we can look at it from a different perspective:
Should bad guys be able to register thousands of domains with amazon and
paypal in them every day? Should there be black hat malicious registrars
around? Shouldn't there be an abuse route
Gadi Evron wrote:
The real problem? Okay, I'd like your ideas then. :)
Just because one doesn't have a solution to the real
problem doesn't invalidate them from objecting to an
idea presented by someone else, you know?
Trying to fix DNS this way is just the wrong thing
to do, even though the
The only constant is the malicious domain name.
If we are able to take care of all the rest, and DNS becomes
the one facet
which can rewind the wheel, DNS is the problem.
You have just explained how DNS is *NOT* the problem. The only constant
is the domain name. That is handled by
On Saturday 31 March 2007 07:45, Peter Dambier wrote:
Port 25 is bad. It has been blocked.
Port 53 is bad. Some ISPs are already going to block it.
How about port 80?
I think port 80 should have been the first and only port to block.
Close one, they will go to another, and another --
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Douglas Otis
Sent: Saturday, March 31, 2007 9:47 AM
To: Gadi Evron
Cc: nanog@merit.edu
Subject: Re: On-going Internet Emergency and Domain Names
On Sat, 2007-03-31 at 06:16 -0500, Gadi Evron wrote:
Or we can look at it from
...
Back to reality and 2007:
In this case, we speak of a problem with DNS, not sendmail, and not bind.
As to blacklisting, it's not my favorite solution but rather a limited
alternative I also saw you mention on occasion. What alternatives do you
offer which we can use today?
on any
On Mar 31, 2007, at 9:20 AM, Paul Vixie wrote:
fundamentally, this isn't a dns technical problem, and using dns
technology
to solve it will either not work or set a dangerous precedent. and
since
the data is authentic, some day, dnssec will make this kind of poison
impossible.
Some SPs
Mattias Ahnberg wrote:
They will adapt to any change like this we would try
to do. The only real way to attempt to stop this is
lobbying for legislation, nailing people for what we
see around us and the damage they cause us and to
make it risky business rather than the piece of cake
it is
Kradorex Xeron wrote:
What needs to be done is the ISPs allowing botnets and malware to run rampant
on their networks to be held accountable for being negligent on their network
security, Service provider abuse mailboxes should be paid more heed to, and
reports should be acted upon,
The
On Sat, 31 Mar 2007, Fergie wrote:
...and before people starting bashing Gadi for being off-topic, etc.,
I'll side with him on the fact that this particular issue appears to
be quite serious.
Wow, if both gadi and fergie say it's important, it must be a real
showstopper.
[EMAIL
* Fergie:
While the 0-day exploit is the ANI vulnerability, there are many,
many compromised websites (remember the MiamiDolhins.com embedded
javascript iframe redirect?) that are using similar embedded .js
redirects to malware hosted sites which fancy this exploit.
And some of them have
1 - 100 of 159 matches