There's an interesting discussion taking place on the SSAC list in regards to the fast flux issue. Here's a recent comment from the SSAC list -
Domain tasting is an optimisation of the domain name monetisation business model, where a registrant earns money from PPC ads placed on a parked webpage. For monetisation you don't actually want to change the DNS information often.
Fast Flux is more associated with using a domain name for an email address or URL that has been used in SPAM email. Due to the millions of emails that are floating around there is value in ensuring that the domain name used is not shut down prematurely. Thus those involved will try to make the WHOIS and other more visible information as legitimate looking as possible (stopping the registrar shutting down the domain), but bounce the hosting of the email or website amongst various locations to avoid a hosting company or ISP shutting down the service at the source - or blocking the offending IP address at the entry point to a service provider's network.
Any comments?
regards,
Robert
--- Robert Guerra <rguerra@privaterra.ca> Managing Director, Privaterra Tel +1 416 893 0377
Any comments?
They're right, domain tasting and fast flux are both evil, but they're separate issues. The solution to domain tasting is easy, get rid of it. Fast flux is somewhat more complicated, but a good start would be to tell registrars to set a rate limit on the number of DNS server changes, on the order of one or two per day.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
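The fast-flux pattern described in Robert's quoted SSAC comment (hosting bounced between many locations behind one domain) and John's registrar-side rate limit on nameserver changes, as an added Python sketch that is not from the thread: it flags a domain whose short-TTL answers spread across unrelated networks, and a domain exceeding a daily nameserver-change budget, over constructed data. The thresholds and the /24 grouping of addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): (domain, time observed, TTL seconds, A record).
DNS_OBSERVATIONS = [
    ("flux.example",   "2007-08-10T12:00", 300,   "198.51.100.7"),
    ("flux.example",   "2007-08-10T12:05", 300,   "203.0.113.42"),
    ("flux.example",   "2007-08-10T12:10", 300,   "192.0.2.88"),
    ("flux.example",   "2007-08-10T12:15", 300,   "198.51.100.200"),
    ("flux.example",   "2007-08-10T12:20", 300,   "203.0.113.9"),
    ("parked.example", "2007-08-10T12:00", 86400, "192.0.2.1"),
    ("cdn.example",    "2007-08-10T12:00", 60,    "198.51.100.10"),
    ("cdn.example",    "2007-08-10T12:10", 60,    "198.51.100.11"),
    ("cdn.example",    "2007-08-10T12:20", 60,    "198.51.100.12"),
]
# Constructed registrar log: (domain, time a nameserver change was submitted).
NS_CHANGE_EVENTS = [
    ("flux.example",   "2007-08-10T01:00"),
    ("flux.example",   "2007-08-10T09:00"),
    ("flux.example",   "2007-08-10T17:00"),
    ("parked.example", "2007-08-10T01:00"),
]

def by_domain(rows):
    grouped = defaultdict(list)
    for domain, ts, *rest in rows:
        grouped[domain].append((datetime.fromisoformat(ts), *rest))
    return grouped
def flux_features(records):
    """Distinct IPs, distinct /24 networks and lowest TTL among one domain's answers."""
    ips = {ip for _, _, ip in records}
    nets = {ip.rsplit(".", 1)[0] for ip in ips}
    return len(ips), len(nets), min(ttl for _, ttl, _ in records)
def is_fast_flux(records, max_ttl=600, min_ips=5, min_nets=3):
    """Short TTLs plus answers spread over unrelated networks (thresholds assumed)."""
    n_ips, n_nets, min_ttl = flux_features(records)
    return min_ttl <= max_ttl and n_ips >= min_ips and n_nets >= min_nets
def flagged_domains(rows):
    return sorted(d for d, recs in by_domain(rows).items() if is_fast_flux(recs))

def over_ns_change_limit(events, limit_per_day=2):
    """Domains with more than limit_per_day changes in any rolling 24 h window."""
    offenders = set()
    for domain, records in by_domain(events).items():
        times = sorted(t for (t,) in records)
        for i, start in enumerate(times):
            if sum(1 for t in times[i:] if t - start < timedelta(days=1)) > limit_per_day:
                offenders.add(domain)
                break
    return sorted(offenders)
```

A CDN that rotates answers inside its own address blocks keeps a low network count and is not flagged, which is the distinction the /24 grouping is there to make.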
Although one could imagine using fast-flux to obfuscate who is hosting a tasted monetization page, it hardly seems worth the trouble.
For those who are not familiar with fast flux, there are a number of interesting articles about it.
http://www.theregister.com/2007/07/11/fast_flux_botnet/page2.html
http://www.securityfocus.com/news/11473/2
http://www.honeynet.org/papers/ff/fast-flux.html
The first two are short, the last one isn't.
Alan
At 10/08/2007 02:14 PM, Robert Guerra wrote:
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
At-Large Official Site: http://www.alac.icann.org ALAC Independent: http://www.icannalac.org
Hiya, I just wanted to say "thank you" to those posting on this subject that gave a little "backgrounder" to what the problem is so that those of us who are newer at this can comprehend the problem. That is SO useful and I truly do appreciate the extra time and effort expended on this.
Have a great weekend,
Darlene
Darlene A. Thompson Community Access Program Administrator Nunavut Department of Education/N-CAP c/o P.O. Box 1000, Station 910 Iqaluit, NU X0A 0H0 Phone: (867) 975-6531 Fax: (867) 979-8870 dthompson@gov.nu.ca
-----Original Message-----
From: alac-bounces@atlarge-lists.icann.org [mailto:alac-bounces@atlarge-lists.icann.org] On Behalf Of Alan Greenberg
Sent: Friday, August 10, 2007 3:00 PM
To: Robert Guerra; At-Large Worldwide
Subject: Re: [At-Large] Fast Flux & Domain tasting
This is the first I've heard of Fast Flux, but just read the articles Alan attached. Very interesting.
It seems like what we're talking about over and over are servers located in overseas locations that are constantly providing scams (phishing, farming, etc.). They'll do this because they know they can get away with it. In one of the articles I noticed a constant reference to a co.hk extension, and another article mentioned China. We all know of scams originating from Africa and Europe and Russia. I wouldn't suggest that it doesn't happen in the US, but I think ISPs in the US are much more eager to shut them down.
But, what if the scammers are the ISP? I truly believe that 90% of all our problems are due to the mafia-style collusion between the crooks and ISPs in countries like China, the Balkans, and Central Africa. I also think that it would be easy as cake to identify the culprits, should we actually take it seriously. At some point, I think there needs to be an ICANN-level task force that can go in and repatriate IP#s that are causing serious problems, working through the ccTLD managers and numbering authorities. Some type of enforcement is inevitable and logical.
In reality, there's not much we can do except make it more difficult for people to operate that are up to no good. Giving unlimited access to WHOIS data and letting the traditional legal process play out is obviously not the antidote. Similarly, having faith that Yahoo's spam filter will save the day is preposterous.
I've been against the tasting issue from the beginning just because it doesn't make sense, but I'm not sure that it's the cause of the problem. I'm fairly sure it's a contributor to the problem but not the cause. Remember though, as we issue more TLDs and make it easier for these guys to operate by having the Add-Grace Period, the problem will continually get worse until the Internet is irreversibly destabilized.
Randy Glass A@L
On 8/10/07, Robert Guerra <lists@privaterra.info> wrote:
-- ------------------------- AmericaAtLarge.org RJPacific.com DDMF.org
It seems like what we're talking about over and over are servers located in overseas locations that are constantly providing scams (phishing, farming, etc.)
The scam servers are typically located on virus-controlled zombies that can be anywhere, as often as not right here in the US.
I wouldn't suggest that it doesn't happen in the US, but I think ISPs in the US are much more eager to shut them down.
If only. A few do, but the lack of action cleaning up zombied PCs is a global scandal. Also, if you look at Spamhaus' list of the worst problem ISPs, the worst one has for a long time been Verizon, which absorbed but did not fix the equally bad MCI.
But, what if the scammers are the ISP? I truly believe that 90% of all our problems are due to the mafia-style collusion between the crooks and ISPs in countries like China, the Balkans, and Central Africa.
Nope. There may be some of that, but that's not a major issue. The worst is ISPs like Verizon that turn a blind eye to their sleazy customers.
At some point, I think there needs to be an ICANN-level task force that can go in and repatriate IP#s that are causing serious problems
That's not how Internet routing works. There is no practical way to take IP space away from one party and give it to another if the first party isn't inclined to cooperate. It's possible to blacklist IPs so nobody can use them, but then the space is gone, and given the diminishing amount of available IPv4 address space, that's going to be a very hard sell.
R's,
John
RJGlass | America@Large wrote:
I wouldn't suggest that it doesn't happen in the US, but I think ISPs in the US are much more eager to shut them down.
If spam statistics are anything to go by, most of the junk we block emanates from the US. Botnets etc. don't respect international boundaries and unfortunately a lot of ISPs in ALL countries either don't care or don't have the resources to do much about it.
regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 929 929 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763
------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Step one is being aware of the issues. Step two is trying to determine what we, as ICANN At-Large, are able to do about them.
Do existing contracts with gTLDs give ICANN the ability to demand action on these issues from their registries? Does ICANN even have the right to demand to know what policies exist? I'm new to the process and still trying to determine what leverage ICANN has on these issues beyond addressing them in future registry agreements. I'm not even sure if ICANN is capable of imposing such policy positions in renewals of existing contracts, or will it get sued. At the SJ meeting I was made very aware of debate regarding actual limits of ICANN's power and influence, especially over existing registries.
While these issues are indeed very important, it is also critical to know what role ICANN can play in fixing the problem, so that we can best understand how within At-Large to move forward. At very least there is an education role to play in making sure the public (via existing ALSs to start) is made aware of the issue. But it's important that, if At-Large takes any actual policy-study initiatives, there is at least a forum in which the results of this study can have an effect. Spending a lot of volunteer resources on policy, only to find that ICANN couldn't do anything even were the Board to agree with our position, strikes me as a very ineffective use of community energy. It's one thing to take a position, even an unpopular one, with the intent of influencing policy and direction. It's quite different to take a strong stand on something that ICANN is unable to act upon.
- Evan