Danny and all, Yes. And it's good to see that ICANN has finnaly seen these problems in a more complete light. I have been preaching about these and many other problems for over 9 years to ICANN and the IANA. Better late than never I suppose. Next question is, what is, or can ICANN actually do about these security problems this late in the game? My guess is allot, but with very little noticable effect in the short, or mid term. What ICANN WILL do, is of course another matter all together... What's amazing, Paul Vixie has done more to secure DNS/BIND than all of the ICANN staff, IANA staff, IETF, and Registries have done combined, and he is only one person with a tiny staff! Danny Younger wrote:
from the GNSO Council mailing list:
Whereas, "fast flux" DNS changes are increasingly being used to commit crime and frustrate law enforcement efforts to combat crime, with criminals rapidly modifying IP addresses and/or nameservers in effort to evade detection and shutdown of their criminal website;
Whereas, the Security and Stability Advisory Committee has reported on this trend in its Advisory SAC 025, dated January 2008: http://www.icann.org/committees/security/sac025.pdf/
Whereas, the SSAC Advisory describes the technical aspects of fast flux hosting, explains how DNS is being exploited to abet criminal activities, discusses current and possible methods of mitigating this activity, and recommends that appropriate bodies consider policies that would make practical mitigation methods universally available to all registrants, ISPs, registrars and registries,
Whereas, the GNSO is likely an appropriate party to consider such policies
The GNSO Council RESOLVES:
ICANN Staff shall prepare an Issues Report with respect to "fast flux" DNS changes, for deliberation by the GNSO Council. Specifically the Staff shall consider the SAC Advisory, and shall outline potential next steps for GNSO policy development designed to mitigate the current ability for criminals to exploit the DNS via "fast flux" IP or nameserver changes.
http://gnso.icann.org/mailing-lists/archives/council/msg04737.html
____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Regards, Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827