Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: ICANN Requests Public Comment on Initial Report on Fast-Flux Hosting - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ICANN Requests Public Comment on Initial Report on Fast-Flux Hosting

This issue deserves widespread comment, the report is published here;

Initial Report of the GNSO Fast Flux Hosting Working Group
 

Already have an opinion? Go here - Public Comment: Initial Report on Fast Flux Hosting

You or your organization's lack of comment will ensure that what is adopted will turn out something like the SMTP Protocol. YMMV

Patrick

193 Posts
Please comment. SMTP is painful.
Anonymous
Real-time blacklists of domain names, within an ISP or shared LAN's resolver or proxy, or used by a browser or security product, would be just as effective against a fast-flux domain as any other.
Steven C.

171 Posts
One problem I can see immediately is DNSSec. When you're rolling over keys, you want a low TTL on your RRs to allow rollover propagation to complete as soon as possible, so you'll find many DNSSec production zones using TTLs as low as 600. Most of my zones use this as SOP and there's nothing inherently evil about using low TTLs. It also has a side-effect of minimising the damage of cache-poisoning for non-DNSSec aware resolvers. Granted, low TTLs are just one attribute pointed out in the PDF, but there are legitimate reasons for people to use them on their RRs. Hopefully, this "reliable detection [and] acceptable rate of false positives" (in this case, none, I should hope) will take this into account.
Matt

7 Posts
Sounds like the first discussion about Fast Flux to decide if there were legitimate uses was contentious.

This is a case of blaming the network layer for inappropriate choices made for the session or application layers.

Basic requirements for authentication and encryption are not being appropriately graded to the criticality of the application.

Banks and investment companies routinely communicate to customers via email. Account management is implemented via web browser with asymmetrical authentication that relies on human judgment! The result is that fraud by FF hosting pays.

The solution to this problem is to secure the applications with technology that is appropriate to the level of value and risk. The network is only the pipe.
MichaelH

4 Posts

Sign Up for Free or Log In to start participating in the conversation!