
Domain Names Forum

    
ICANN Issues Initial Report On Fast Flux
engine




msg:3835858
 6:31 pm on Jan 27, 2009 (gmt 0)

link [pcworld.com]
The overseer of the Internet's addressing system is soliciting ideas for how to fix a problem that is enabling spammers and fraudulent Web sites to flourish. The Internet Corporation for Assigned Names and Numbers (ICANN) has issued an initial report on fast flux, a technique that allows a Web site's domain name to resolve to multiple IP (Internet protocol) addresses.

Fast flux allows an administrator to quickly point a domain name to a new IP address, for example if the server at the first address fails or comes under a denial-of-service attack. It is legitimately used by content distribution networks such as Akamai to balance loads, improving performance and lowering data transmission costs.

But the technique has also been embraced by hackers and cybercriminals, who use it to make it harder for ISPs (Internet service providers) and law enforcement officials to close down phishing Web sites and other sites illegally hawking goods such as pharmaceuticals.

[gnso.icann.org...]
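A defender's view of the pattern the quoted article describes, as an added example that is not part of the original post or the ICANN report: it summarizes repeated DNS lookups per domain and separates wide, fast address churn from the concentrated rotation typical of load balancing. The observations, the thresholds and the /16 grouping are assumptions made for this sketch.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import mean

# Constructed observations: (seconds since start, domain, TTL, A records).
# Names use the reserved .example TLD; addresses are private 10.0.0.0/8 space.
OBSERVATIONS = [
    (0,    "cdn.example",    300,   ["10.1.0.10", "10.1.0.11"]),
    (600,  "cdn.example",    300,   ["10.1.0.11", "10.1.0.12"]),
    (1200, "cdn.example",    300,   ["10.1.0.10", "10.1.0.12"]),
    (0,    "flux.example",   180,   ["10.20.3.4", "10.77.9.1", "10.140.2.8"]),
    (600,  "flux.example",   180,   ["10.33.1.9", "10.91.5.5", "10.200.7.2"]),
    (1200, "flux.example",   180,   ["10.54.8.3", "10.118.6.6", "10.231.4.7"]),
    (0,    "static.example", 86400, ["10.5.5.5"]),
    (1200, "static.example", 86400, ["10.5.5.5"]),
]

# Illustrative thresholds (assumptions, not values from the ICANN report).
MAX_TTL = 600            # seconds; short TTLs let records change quickly
MIN_DISTINCT_IPS = 6     # addresses seen across the observation window
MIN_DISTINCT_NETS = 4    # distinct /16 networks those addresses fall in

def summarize(observations):
    """Aggregate per-domain address churn from repeated lookups."""
    per_domain = defaultdict(lambda: {"ips": set(), "ttls": []})
    for _ts, domain, ttl, addrs in observations:
        per_domain[domain]["ips"].update(addrs)
        per_domain[domain]["ttls"].append(ttl)
    report = {}
    for domain, d in per_domain.items():
        nets = {ip_network(f"{ip}/16", strict=False) for ip in d["ips"]}
        report[domain] = {"distinct_ips": len(d["ips"]),
                          "distinct_nets": len(nets),
                          "mean_ttl": mean(d["ttls"])}
    return report

def classify(stats):
    """Label a domain; network spread separates flux from CDN-style rotation."""
    short_ttl = stats["mean_ttl"] <= MAX_TTL
    churn = short_ttl and stats["distinct_ips"] >= MIN_DISTINCT_IPS
    if churn and stats["distinct_nets"] >= MIN_DISTINCT_NETS:
        return "review: fast-flux pattern"
    if short_ttl and stats["distinct_ips"] > 1:
        return "rotating, concentrated (CDN/load-balancing-like)"
    return "stable"

if __name__ == "__main__":
    for name, stats in summarize(OBSERVATIONS).items():
        print(name, stats, classify(stats))
```

A flagged domain is a candidate for review rather than a verdict, since legitimate networks also rotate addresses.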

 

JS_Harris




msg:3836036
 9:59 pm on Jan 27, 2009 (gmt 0)

I think this problem should be moved further down the list of issues raised by hackers and spammers. I'd like to see "fake headers" become impossible in emails for example. Hackers don't even need the server to resolve to another IP when they can just inject whatever domain/site name they wish as the sender.

I still receive spam emails that suggest my long deceased grandfather is still emailing me and wants me to pick up the latest Hallmark card he sent me. Of course the link is an exe, it's a hacking attempt, but the headers of the email resolve to Hallmark. THAT kind of bs needs to be fixed first.

vincevincevince




msg:3836135
 1:06 am on Jan 28, 2009 (gmt 0)

To me, the key to 'fast flux' hosting is to take things out at the DNS level not the host level. That means that registries have to become a lot more responsive to complaint - at present it is very hard to get them to take action against illegal use of a domain name. I would like to see a system by which registries are obliged to take down a domain with evidence of illegal use within an hour of the evidence being submitted.

webdoctor




msg:3836576
 4:26 pm on Jan 28, 2009 (gmt 0)

the headers of the email resolve to Hallmark. THAT kind of bs needs to be fixed first.

IMHO forged email headers are a minor issue.

Do you really look at email headers before deciding to run an executable attached to an email? If Hallmark really did send you an .exe you still shouldn't trust it I hope - so isn't the executable attachment a far bigger deal than the forged header line(s)?

BTW, I could send you a postcard on which I'd written "From: Barack Obama, 1600 Pennsylvania Avenue" but in addition to that there'd likely be a postmark saying "Innsbruck, Austria" [I'm doing a bit of skiing this week].

Would you believe my forged "From:" lines, or the post office's postmark?

Just like "From:" and "Received:" in your email header... it's easy once you know how :-)

kaled




msg:3836969
 1:00 am on Jan 29, 2009 (gmt 0)

Perhaps I'm misunderstanding the problem but...

The issue is how to quickly close down bad websites, is it not? So, rather than worrying about the IP address to which the domain resolves, surely they should simply blacklist/erase the domain name. If the domain name is erased, that's it, job done.

Provided this can be achieved quickly (hours not days) and mistakes can be corrected (days not weeks) then that should more or less solve that part of the problem. However, phishing attacks will simply use multiple IP addresses directly i.e. without bothering to register silly domain names like "security-check-acmebank.com"

Am I missing something?

Kaled.

vincevincevince




msg:3836992
 1:37 am on Jan 29, 2009 (gmt 0)

simply blacklist/erase the domain name. If the domain name is erased, that's it, job done.

Provided this can be achieved quickly (hours not days)

Kaled, you are entirely correct. Unfortunately it seems most registries are fighting hard against actually having any oversight over domain use.

kaled




msg:3837027
 3:18 am on Jan 29, 2009 (gmt 0)

Surely, domain name registrars are just middlemen/brokers - they are not actually in charge. If ICANN decide that a domain name should be suspended, they should have the power to do so immediately. They should merely inform the registrar, not ask permission.

However, as I said before, procedures should be put in place to swiftly correct mistakes.

Kaled.

webdoctor




msg:3837243
 10:52 am on Jan 29, 2009 (gmt 0)

The issue is how to quickly close down bad websites, is it not

...but who will get to define "bad"?

ICANN? The US Supreme Court? The RIAA?

kaled




msg:3837310
 12:28 pm on Jan 29, 2009 (gmt 0)

Determining if a domain name is dedicated to phishing is pretty trivial. In any case, that issue has to be solved whichever end of the problem ICANN chooses to attack (domain name or IP address).

Frankly, I'd be inclined to tell the banks to sort out the problem themselves. A secure USB credit-card scanning device could be designed quickly, would be small and cheap, and could even be integrated into new computers. This would also improve security for online shopping, although that's another area where banks have been utterly pathetic.

Kaled.
PS. I don't want to hear comments about making card cloning easier, etc. Whilst a new chip might be required for credit cards, the problem as a whole is easy to solve and could be totally secure.

webdoctor




msg:3837463
 3:57 pm on Jan 29, 2009 (gmt 0)

I'd be inclined to tell the banks to sort out the problem themselves

Funnily enough, that's pretty much what Bruce Schneier suggested back in 2005 [schneier.com].

IMHO he's a guy who actually does know what he's talking about...
