From: Dave Piscitello <dave.piscitello@icann.org>
Date: 11 March 2008 15:01:01 EDT
To: "GNSO.SECRETARIAT@GNSO.ICANN.ORG" <gnso.secretariat@gnso.icann.org>, Avri Doria <avri@acm.org>, "Gomes, Chuck" <cgomes@verisign.com>
Cc: Steve Crocker <steve@shinkuro.com>
Subject: Transmittal of SAC 025 to GNSO
11 March 2008
Transmittal of SAC025: Fast Flux Hosting and DNS to the GNSO
At the direction of the ICANN Board of Directors, the Security and Stability Advisory Committee invites the GNSO to consider the accompanying Advisory, SAC 025: Fast Flux Hosting and DNS. A PDF of the Advisory may be downloaded from the ICANN web site at
http://www.icann.org/committees/security/sac025.pdf
Cyber-criminals and Internet miscreants use Fast Flux hosting to frustrate anticrime efforts aimed at locating and shutting down web sites used for illegal purposes. Fast flux hosting supports a wide variety of cyber-crime activities (fraud, identity theft, online scams) and is considered one of the most serious threats to online activities today. One variant of fast flux hosting, "double flux", exploits the domain name registration and name resolution services.
SAC 025 describes the technical aspects of fast flux hosting and fast flux service networks and explains how the DNS is exploited to abet criminal activities that employ fast flux hosting. The Advisory discusses current and possible methods of mitigating fast flux hosting at various points in the Internet and identifies those methods that SSAC considers practical and sensible.
SSAC asks that the GNSO consider measures and best practices enumerated in SAC 025 and how these might be incorporated into standard operating procedures or future policies. While these measures alone cannot eliminate fast flux hosting, they can greatly improve the overall Internet security baseline if implemented broadly and uniformly.
We thank you in advance for your time and consideration.
David Piscitello
ICANN Senior Security Technologist,
On behalf of the SSAC