The overseer of the Internet's addressing system is soliciting ideas for how to fix a problem that is enabling spammers and fraudulent Web sites to flourish. The Internet Corporation for Assigned Names and Numbers (ICANN) has issued an initial report on fast flux, a technique that allows a Web site's domain name to resolve to multiple IP (Internet protocol) addresses.
Fast flux allows an administrator to quickly point a domain name to a new IP address, for example if the server at the first address fails or comes under a denial-of-service attack. It is legitimately used by content distribution networks such as Akamai to balance loads, improving performance and lowering data transmission costs.
But the technique has also been embraced by hackers and cybercriminals, who use it to make it harder for ISPs (Internet service providers) and law enforcement officials to close down phishing Web sites and other sites illegally hawking goods such as pharmaceuticals.
[gnso.icann.org...]
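An added illustration, not taken from the ICANN report or the article quoted above: one way a defender can measure the address churn described there from a series of DNS answers. The sample observations, the `.example` domains, the function names and the thresholds are all constructed assumptions, and because content distribution networks also rotate addresses, a flagged name is a candidate for review rather than proof of abuse.

```python
from collections import defaultdict

# Constructed sample data: (unix_time, domain, A-record answers).
# Domains use the reserved .example TLD; IPs are from documentation ranges.
OBSERVATIONS = [
    (0,    "shop.example",  {"192.0.2.10", "192.0.2.11"}),
    (1800, "shop.example",  {"192.0.2.11", "192.0.2.10"}),
    (3600, "shop.example",  {"192.0.2.10", "192.0.2.12"}),
    (7200, "shop.example",  {"192.0.2.12", "192.0.2.11"}),
    (0,    "cards.example", {"198.51.100.5", "203.0.113.9"}),
    (1800, "cards.example", {"198.51.100.77", "203.0.113.40"}),
    (3600, "cards.example", {"198.51.100.130", "192.0.2.201"}),
    (7200, "cards.example", {"203.0.113.88", "198.51.100.9"}),
]


def flux_profile(observations):
    """Per domain: distinct IPs seen, and never-before-seen IPs per hour."""
    by_domain = defaultdict(list)
    for ts, domain, ips in observations:
        by_domain[domain].append((ts, set(ips)))

    profile = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda row: row[0])      # oldest answer first
        seen = set(rows[0][1])                 # baseline: the first answer
        new_after_first = 0
        for _, ips in rows[1:]:
            fresh = ips - seen                 # addresses not seen so far
            new_after_first += len(fresh)
            seen |= fresh
        hours = (rows[-1][0] - rows[0][0]) / 3600
        rate = new_after_first / hours if hours > 0 else 0.0
        profile[domain] = {"distinct_ips": len(seen), "new_ips_per_hour": rate}
    return profile


def flag_high_churn(profile, min_distinct=5, min_rate=1.0):
    """Names whose address pool keeps growing. Thresholds are assumptions."""
    return sorted(
        domain for domain, p in profile.items()
        if p["distinct_ips"] >= min_distinct and p["new_ips_per_hour"] >= min_rate
    )


if __name__ == "__main__":
    prof = flux_profile(OBSERVATIONS)
    for name in sorted(prof):
        print(name, prof[name])
    print("review:", flag_high_churn(prof))
```

A stable load-balanced pool stops producing new addresses after a few answers, while a fluxing name keeps introducing them, which is why the rate is measured against everything seen so far rather than against the previous answer only.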
I still receive spam emails that suggest my long-deceased grandfather is still emailing me and wants me to pick up the latest Hallmark card he sent me. Of course the link is an exe, it's a hacking attempt, but the headers of the email resolve to Hallmark. THAT kind of bs needs to be fixed first.
the headers of the email resolve to Hallmark. THAT kind of bs needs to be fixed first.
IMHO forged email headers are a minor issue.
Do you really look at email headers before deciding to run an executable attached to an email? If Hallmark really did send you an .exe you still shouldn't trust it I hope - so isn't the executable attachment a far bigger deal than the forged header line(s)?
BTW, I could send you a postcard on which I'd written "From: Barack Obama, 1600 Pennsylvania Avenue" but in addition to that there'd likely be a postmark saying "Innsbruck, Austria" [I'm doing a bit of skiing this week].
Would you believe my forged "From:" lines, or the post office's postmark?
Just like "From:" and "Received:" in your email header... it's easy once you know how :-)
The issue is how to quickly close down bad websites, is it not? So, rather than worrying about the IP address to which the domain resolves, surely they should simply blacklist/erase the domain name. If the domain name is erased, that's it, job done.
Provided this can be achieved quickly (hours not days) and mistakes can be corrected (days not weeks) then that should more or less solve that part of the problem. However, phishing attacks will simply use multiple IP addresses directly, i.e. without bothering to register silly domain names like "security-check-acmebank.com".
Am I missing something?
Kaled.
However, as I said before, procedures should be put in place to swiftly correct mistakes.
Kaled.
Frankly, I'd be inclined to tell the banks to sort out the problem themselves. A secure USB credit-card scanning device could be designed quickly, would be small and cheap, and could even be integrated into new computers. This would also improve security for online shopping, although that's another area where banks have been utterly pathetic.
Kaled.
PS. I don't want to hear comments about making card cloning easier, etc. Whilst a new chip might be required for credit cards, the problem as a whole is easy to solve and could be totally secure.
I'd be inclined to tell the banks to sort out the problem themselves
Funnily enough, that's pretty much what Bruce Schneier suggested back in 2005 [schneier.com].
IMHO he's a guy who actually does know what he's talking about...