FW: Transmittal of SAC 025 to ALAC
Dear At-Large community members:
We have the pleasure of providing the attached for your review.
------ Forwarded Message
From: Dave Piscitello <dave.piscitello@icann.org>
Date: Tue, 11 Mar 2008 12:00:49 -0700
To: Nick Ashton-Hart <Nick.Ashton-Hart@icann.org>, <rguerra@privaterra.ca>, <vanda@uol.com.br>, <cheryl@hotek.com.au>
Cc: Steve Crocker <steve@shinkuro.com>
Subject: Transmittal of SAC 025 to ALAC
12 March 2008
Transmittal of SAC025: Fast Flux Hosting and DNS to the ALAC
At the direction of the ICANN Board of Directors, the Security and Stability Advisory Committee invites the ALAC to consider the accompanying Advisory, SAC 025: Fast Flux Hosting and DNS.
A PDF of the Advisory may be downloaded from the ICANN web site at
http://www.icann.org/committees/security/sac025.pdf
Cyber-criminals and Internet miscreants use Fast Flux hosting to frustrate anticrime efforts aimed at locating and shutting down web sites used for illegal purposes. Fast flux hosting supports a wide variety of cyber-crime activities (fraud, identity theft, online scams) and is considered one of the most serious threats to online activities today. One variant of fast flux hosting, "double flux", exploits the domain name registration and name resolution services.
SAC 025 describes the technical aspects of fast flux hosting and fast flux service networks and explains how the DNS is exploited to abet criminal activities that employ fast flux hosting. The Advisory discusses current and possible methods of mitigating fast flux hosting at various points in the Internet and identifies those methods that SSAC considers practical and sensible.
SSAC asks that the ALAC consider in particular the Section entitled Shut Down the fast flux hosts, where measures to reduce the number of hosts that attackers can compromise and use in fast flux attacks are discussed. While these measures alone cannot eliminate fast flux hosting, they can greatly improve the overall Internet security baseline if implemented broadly and uniformly.
We thank you in advance for your time and consideration.
David Piscitello
ICANN Senior Security Technologist, On behalf of the SSAC
------ End of Forwarded Message
Dave and all,
Dave, I for one am glad you forwarded this. Thank you! I hope that other seemingly ignorant or less technically adept users who are on this ALAC forum, and I am sure other ALSs, would be wise to read the provided PDF link you so kindly and wisely provided. I have forwarded your below forwarded link to all of our members separately as well as to other self-defined interested NGOs and commercial organizations who focus predominantly on IT security and privacy. This response, as all of my responses or receipts, will automatically be forwarded to all of our members accordingly.
This said, I am still left with some wonderment as to why ICANN has in its review provided in the below provided link, provide for some places where users can seek some level of protection? Our members, which span the globe, have often suggested to myself that we continue our review of DNS configuration checking in dealing with the Fast Flux and Phishing problem and its relationship to ID theft as well. So we are now setting up such in conjunction with other NGOs and commercial organizations that center on IT security.
I have as an intent to inform as broadly as possible, posted to the global ALAC forum, those higher profile LEAs (FBI and NSA in particular), DNS Reports clearly demonstrating that their DNS configs are in error and some to the gross extent of exposing themselves and members of the public, namely users, to extreme risk of being compromised to Phishing and Fast Flux as well as having malware and spyware loaded upon their PCs and exposing them to stalking, child pornography duping, bank accounts compromised, and credit card information fraudulently used for a host of criminal activities without their knowledge. Additionally I have posted also that some of ICANN's own SOs, such as the IETF, IAB, and IESG, also have terribly misconfigured DNSs and similarly expose visitors to those web sites to all these dangers.
As such, a reasonable user is left with wondering how can the pot call the kettle black, and/or not address their own self created security risks to any user? I cannot adequately propose a complete answer, but can surmise that either there is an arrogance of denial or a intentful ignorance present within ICANN, some LEA's and other government agencies as well as many commercial and non-commercial organizations accordingly.
Regards,
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" - Abraham Lincoln
"Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@ix.netcom.com
My Phone: 214-244-4827
Huge cross posting and e-mail with no relevance and facts. What are you talking about again?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Franck Martin
franck.martin@gmail.com
http://www.peachymango.org/
"All knowledge is an answer to a question" G. Bachelard