dnsstealer.com

i think someone needs to nuke this domain

randy

I think you're missing out on the $250 JC Penney card. You can buy a lot of swag with that!

Randy Bush wrote:

add http://pny.metalfeels.com/clk/53708695.76.251.101

isn't this a job for super-icann?

Better yet, why don't the registrars police themselves?

-M<

> isn't this a job for super-icann?
>
> Better yet, why don't the registrars police themselves?

what you mean is why don't the registrars seriously vet
their customers?

i suspect the job is non-trivial, to say the least. and
where is the financial motivation? at $10/year, what do
you suggest they actually do?

as a teensie registrar (for a half dozen small cctlds),
and one who actually does try to verify that the admin
poc answers the phone, etc. as well as server ops, 2182,
etc, lemme tell you it is a major pita for me and for
the folk who help vet.

randy

Many do. They just don't police each other.

-david

Sure seems like security is AWOL on the registrars agenda:

http://www.google.com/search?hl=en&lr=&domains=icann.org&q=botnet&btnG=Search&sitesearch=icann.org
http://www.google.com/search?hl=en&lr=&domains=icann.org&q=zombie&btnG=Search&sitesearch=icann.org

-M<

I thought we established last month that deleting domain names is a very good
way of messing up the entire Internet. See the thread on losing entire data
centres.

If you have any useful proposals on how registrars might be of use in
defending against botnets, I'm sure ICANN and friends are all ears. But
unless you've found an amplification attack using whois servers, it probably
isn't something the registrars can help you with.

There is some discussion on phishing, but even here it isn't clear what a
registrar could do, and most phishing these days doesn't involve the
registrars at all.

Randy's original comment was misplaced; it was the content, not the domain
name, he was objecting to. Deleting domain names is a very extreme, and oft
times ineffective, way of trying to remove content.

We have enough trouble with ISPs with knee-jerk reactions to objectionable
content; we don't need registrars adopting the same daft policies, or the
Internet would collapse in a few weeks.

Simon Waters wrote:

So.. ICANN, the domain name's importance to phishing and what registrars can do, in that order.

> I thought we established last month that deleting domain names is a very good way of messing up the entire Internet. See the thread on losing entire data centres.

The domain today is the weak spot we need to hit. Using fast-flux, spammers (phishers), VX-ers, etc. jump from IP to IP even every 10 minutes. Whack-a-mole itself becomes impossible.

Kill the domain (or the DNS RR) and you destroy the bottle-neck.

Bad guys already seem to be bouncing back from the blacklisting of entire bulk registrations. They used to say, register 5K domains and use them as throw-away. Now we can black-list all of them ahead of time. Or at least we could do so, now they are already bouncing back with their new evolution in the whack-a-mole game.

Terminate a DNS RR and they just create new ones, but the short-term effect, if you can make it happen, is worth it for TODAY.

Terminate the domains (one doesn't really help) and you cost them money.

> If you have any useful proposals on how registrars might be of use in defending against botnets, I'm sure ICANN and friends are all ears. But unless you've found an amplification attack using whois servers, it probably isn't something the registrars can help you with.

ICANN, from the part I know them (the registrars and security front), are good people. They do good under their own constraints. We should stick to putting them down for so-called "governance" issues.

ICANN domain termination though is a useless process in practicality.

> There is some discussion on phishing, but even here it isn't clear what a registrar could do, and most phishing these days doesn't involve the registrars at all.

I am not sure what the numbers are, but most phishing seems to involve this or that registrar. Many of the registrars today are extremely responsive. Godaddy showed that much, despite what people may think of their actions. I wonder, did we ever get their side of the story?

All that aside, as I don't want to start that war again, many of the key registrars today are sitting on the reg-ops operational list and respond to new reports in semi-real time. They can't deal with the volume due to obvious limitations in how the process works, but anything reported to them gets checked into in a reasonable time, and acted upon.

There are some blackhat registrars (mostly resellers), but that wasn't what we were discussing.

> Randy's original comment was misplaced; it was the content, not the domain name, he was objecting to. Deleting domain names is a very extreme, and oft times ineffective, way of trying to remove content.

> We have enough trouble with ISPs with knee-jerk reactions to objectionable content; we don't need registrars adopting the same daft policies, or the Internet would collapse in a few weeks.

The Internet is not going to die tomorrow.

The domains reported are 2 out of a ... a lot, today alone. I think maybe we should all start sending in every bad domain we find into NANOG. </cynical>
Sorry for the wake-up call, but how many domains out of those registered do you figure are legit or have legit contact information?

  Gadi.
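The fast-flux pattern Gadi describes above (the domain stays constant while the A records jump between unrelated hosts every few minutes under a short TTL) is what makes the domain, rather than any IP, the stable indicator a defender can act on. The following is an added example, not code from any poster in this thread: it takes repeated A-record observations for a set of domains and flags fast-flux candidates. The thresholds (TTL at most 600 s, at least 6 distinct IPs spread over at least 3 distinct /24s, and at least half the answer changing between consecutive lookups) are assumptions for illustration, and the lookup data is constructed. The /24 spread check is there because CDNs also use short TTLs and rotating answers, so TTL alone produces false positives; the "cdn.example" rows show that case.

```python
"""Fast-flux candidate scoring over repeated DNS A-record observations.

Added illustration for the thread above; thresholds and sample lookups are
constructed, not taken from any real resolver or published standard.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network

# Heuristic thresholds (assumptions for this example).
MAX_TTL = 600          # flux domains keep TTLs short so IP changes take effect quickly
MIN_DISTINCT_IPS = 6   # counted across every observed answer for the domain
MIN_DISTINCT_NETS = 3  # distinct /24s, a rough stand-in for "unrelated hosts"
MIN_CHURN = 0.5        # average share of an answer not present in the previous answer


@dataclass(frozen=True)
class Lookup:
    domain: str
    ts: int                  # observation time in seconds (constructed)
    ttl: int                 # TTL of the A RRset as returned
    addrs: tuple[str, ...]   # A records in the answer


# Constructed sample: a fluxing domain, a short-TTL CDN-style domain that stays
# within one /24, and a plain static domain.
SAMPLE = [
    Lookup("flux.example", 0, 300, ("198.51.100.7", "203.0.113.42", "192.0.2.9")),
    Lookup("flux.example", 600, 300, ("198.51.100.88", "203.0.113.5", "192.0.2.130")),
    Lookup("flux.example", 1200, 300, ("198.51.100.201", "203.0.113.77", "192.0.2.33")),
    Lookup("cdn.example", 0, 60, ("198.51.100.20", "198.51.100.21")),
    Lookup("cdn.example", 60, 60, ("198.51.100.22", "198.51.100.23")),
    Lookup("cdn.example", 120, 60, ("198.51.100.24", "198.51.100.25")),
    Lookup("static.example", 0, 3600, ("198.51.100.10", "198.51.100.11")),
    Lookup("static.example", 3600, 3600, ("198.51.100.10", "198.51.100.11")),
]


def summarize(lookups: list[Lookup]) -> dict[str, dict]:
    """Group observations by domain and compute the features the heuristic uses."""
    by_domain: dict[str, list[Lookup]] = defaultdict(list)
    for lk in lookups:
        by_domain[lk.domain].append(lk)

    summaries: dict[str, dict] = {}
    for domain, obs in by_domain.items():
        obs.sort(key=lambda lk: lk.ts)
        all_ips: set[str] = set()
        nets = set()
        churn: list[float] = []
        prev: set[str] | None = None
        for lk in obs:
            cur = set(lk.addrs)
            all_ips |= cur
            for a in cur:
                # strict=False lets a host address stand in for its /24
                nets.add(ip_network(f"{a}/24", strict=False))
            if prev is not None:
                churn.append(len(cur - prev) / len(cur))
            prev = cur
        summaries[domain] = {
            "lookups": len(obs),
            "max_ttl": max(lk.ttl for lk in obs),
            "distinct_ips": len(all_ips),
            "distinct_nets": len(nets),
            "churn": sum(churn) / len(churn) if churn else 0.0,
        }
    return summaries


def is_flux_candidate(summary: dict) -> bool:
    """All four conditions must hold; any one alone is too weak on its own."""
    return (
        summary["max_ttl"] <= MAX_TTL
        and summary["distinct_ips"] >= MIN_DISTINCT_IPS
        and summary["distinct_nets"] >= MIN_DISTINCT_NETS
        and summary["churn"] >= MIN_CHURN
    )


def flux_candidates(lookups: list[Lookup]) -> list[str]:
    """Return the sorted list of domains the heuristic flags."""
    return sorted(d for d, s in summarize(lookups).items() if is_flux_candidate(s))


if __name__ == "__main__":
    for domain, s in summarize(SAMPLE).items():
        flag = "FLUX?" if is_flux_candidate(s) else "ok"
        print(f"{domain:16} ttl<={s['max_ttl']:5} ips={s['distinct_ips']:2} "
              f"nets={s['distinct_nets']} churn={s['churn']:.2f}  {flag}")
```

Run it as a script to see the per-domain feature table; only flux.example is flagged, because cdn.example fails the /24 spread test and static.example fails on TTL and churn. Feeding it real passive-DNS or resolver-log observations is a matter of building Lookup rows from that data; the point is that the domain is the key you group on, which is exactly why a domain-level takedown removes the bottleneck while an IP-level block does not.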