In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
writes:
>--- Mark Jeftovic <[EMAIL PROTECTED]> wrote:
>> An important aspect of my suggestion was the penalty method where
>> it costs you an interval of time when you attempt to snag a dropped
>> domain and that interval doubles every time you attempt it.
>
>Every 'system' can be beaten, and this one can as well. One might do
>the following, if one is serious about getting a name, using the above
>rules:
>
>1) have control over multiple registrars, e.g. registrars A and B; by
>issuing the "checks" under registrar 'A' and not 'B', one can keep
>registrar B open to finally snag it once it does pop free
>
>2) script using the public interfaces of other registrars (e.g.
>OpenSRS, NSI, Register.com, eNom, Dotster) to penalize attempts by
>customers using those registrars, thereby increasing the likelihood
>that one's own registrar (where one has 100% control) will get it.

It is, would, and should be the responsibility of each registrar
to ensure their own system isn't used to launch a proxy attack
on the SRS. They need to implement their own measures to keep an
end-user from abusing their own system.

>Attack #2 puts retail customers in particular at a disadvantage, and
>would thus limit drops to the pros who control entire registries, e.g.
>some of the Asian ones, and Signature Domains. OpenSRS customers would
>*never* get drops, as all you need is a single customer using the
>public interfaces to effectively perform a Denial of Service against
>all other customers of that registry.

This is presuming that that registrar sits idly by and does
absolutely nothing while someone hammers their system and,
in turn, causes them to hammer the SRS. I don't see that
going on for very long.
OpenSRS has connection limits on their whois server. Do you think that
if an exponential backoff mechanism were implemented at the SRS, that
they wouldn't protect their registry system?

>There's no system that can't be abused. Game theory and economics will
>ultimately need to be considered when trying to 'solve' the problem,
>although I'm not completely convinced that there is a problem
>(remember, this is NSI who claims that there is a problem, and they're
>quite good at inventing a crisis, to change things to a system where
>they can increase their power and make more money). Simple

Touche.

Cengiz Akinli
Netmar, Inc.
Registry Service Complaint Clearinghouse - http://rscch.com/
Get your complaint in front of the people that matter.
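
A small model of the registrar-side measure argued for in the reply above, added here as an illustration and not part of the original message or any registrar's code. It assumes a 1-second base interval, that every attempt (even one made during a lock-out) doubles the registrar's penalty for that name, and hypothetical names throughout.

```python
from collections import defaultdict

BASE_PENALTY_S = 1.0  # assumed first penalty interval; the thread gives no figure


class SrsModel:
    """Registry side (assumed rule): every attempt by a registrar on a name
    doubles that registrar's lock-out for the name, even while locked out."""

    def __init__(self):
        self.attempts = defaultdict(int)        # (registrar, domain) -> count
        self.locked_until = defaultdict(float)  # (registrar, domain) -> time

    def attempt(self, registrar, domain, now):
        key = (registrar, domain)
        accepted = now >= self.locked_until[key]
        self.locked_until[key] = now + BASE_PENALTY_S * 2 ** self.attempts[key]
        self.attempts[key] += 1
        return accepted


class RegistrarGuard:
    """Registrar side: keep one end-user from spending the registrar's standing."""

    def __init__(self, srs, registrar, per_customer_cap=1):
        self.srs, self.registrar, self.cap = srs, registrar, per_customer_cap
        self.forwarded = defaultdict(int)       # (customer, domain) -> count

    def srs_locked_until(self, domain):
        # A real registrar would track this from SRS responses, not read it.
        return self.srs.locked_until[(self.registrar, domain)]

    def customer_attempt(self, customer, domain, now):
        if self.forwarded[(customer, domain)] >= self.cap:
            return "throttled"                  # over quota, never reaches the SRS
        if now < self.srs_locked_until(domain):
            return "held"                       # do not deepen a running penalty
        self.forwarded[(customer, domain)] += 1
        self.srs.attempt(self.registrar, domain, now)
        return "forwarded"


def lockout_after_hammering(requests, guarded):
    """One customer sends `requests` attempts, one per second, for one name.
    Returns the time at which the registrar's SRS lock-out finally ends."""
    srs = SrsModel()
    guard = RegistrarGuard(srs, "registrar-x")
    for t in range(requests):
        if guarded:
            guard.customer_attempt("customer-1", "example.test", float(t))
        else:
            srs.attempt("registrar-x", "example.test", float(t))
    return srs.locked_until[("registrar-x", "example.test")]
```

With ten requests from one customer, the unguarded registrar stays locked out until t=521 s, while the guarded one is free again at t=1 s.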