Hello,

I propose the following motion for Council consideration in our next meeting on March 7th, may I please have a 'second'?

Thanks,
Mike Rodenbaugh

Whereas, "fast flux" DNS changes are increasingly being used to commit crime and frustrate law enforcement efforts to combat crime, with criminals rapidly modifying IP addresses and/or nameservers in effort to evade detection and shutdown of their criminal website;

Whereas, the Security and Stability Advisory Committee has reported on this trend in its Advisory SAC 025, dated January 2008: http://www.icann.org/committees/security/sac025.pdf/

Whereas, the SSAC Advisory describes the technical aspects of fast flux hosting, explains how DNS is being exploited to abet criminal activities, discusses current and possible methods of mitigating this activity, and recommends that appropriate bodies consider policies that would make practical mitigation methods universally available to all registrants, ISPs, registrars and registries,

Whereas, the GNSO is likely an appropriate party to consider such policies

The GNSO Council RESOLVES:

ICANN Staff shall prepare an Issues Report with respect to "fast flux" DNS changes, for deliberation by the GNSO Council. Specifically the Staff shall consider the SAC Advisory, and shall outline potential next steps for GNSO policy development designed to mitigate the current ability for criminals to exploit the DNS via "fast flux" IP or nameserver changes.
Hi all

I'll second the motion.

Regards
Cyril

From: "Mike Rodenbaugh" <mxrodenbaugh@yahoo.com>
Sent by: owner-council@gnso.icann.org
Date: 28/02/2008 01:12 AM
To: "'Council GNSO'" <council@gnso.icann.org>
cc:
Subject: [council] Fast Flux DNS

Hello,

I propose the following motion for Council consideration in our next meeting on March 7th, may I please have a 'second'?

Thanks,
Mike Rodenbaugh

Whereas, "fast flux" DNS changes are increasingly being used to commit crime and frustrate law enforcement efforts to combat crime, with criminals rapidly modifying IP addresses and/or nameservers in effort to evade detection and shutdown of their criminal website;

Whereas, the Security and Stability Advisory Committee has reported on this trend in its Advisory SAC 025, dated January 2008: http://www.icann.org/committees/security/sac025.pdf/

Whereas, the SSAC Advisory describes the technical aspects of fast flux hosting, explains how DNS is being exploited to abet criminal activities, discusses current and possible methods of mitigating this activity, and recommends that appropriate bodies consider policies that would make practical mitigation methods universally available to all registrants, ISPs, registrars and registries,

Whereas, the GNSO is likely an appropriate party to consider such policies

The GNSO Council RESOLVES:

ICANN Staff shall prepare an Issues Report with respect to "fast flux" DNS changes, for deliberation by the GNSO Council. Specifically the Staff shall consider the SAC Advisory, and shall outline potential next steps for GNSO policy development designed to mitigate the current ability for criminals to exploit the DNS via "fast flux" IP or nameserver changes.
Hello,

I propose the following motion for Council consideration in our next meeting on April 17th, may I please have a 'second'?

Thanks,
Mike Rodenbaugh

Whereas, "fast flux" DNS changes are increasingly being used to commit crime and frustrate law enforcement efforts to combat crime, with criminals rapidly modifying IP addresses and/or nameservers in effort to evade detection and shutdown of their criminal website;

Whereas, the Security and Stability Advisory Committee has reported on this trend in its Advisory SAC 025, dated January 2008: http://www.icann.org/committees/security/sac025.pdf/

Whereas, the SSAC Advisory describes the technical aspects of fast flux hosting, explains how DNS is being exploited to abet criminal activities, discusses current and possible methods of mitigating this activity, and recommends that appropriate bodies consider policies that would make practical mitigation methods universally available to all registrants, ISPs, registrars and registries,

Whereas, the GNSO resolved on March 6, 2008 to request an Issues Report from ICANN Staff, to consider the SAC Advisory and outline potential next steps for GNSO policy development designed to mitigate the current ability for criminals to exploit the NS via "fast flux" IP and/or nameserver changes;

Whereas, the ICANN Staff has prepared an Issues Report dated March 25, 2008, http://gnso.icann.org/issues/fast-flux-hosting/gnso-issues-report-fast-flux-25mar08.pdf, recommending that the GNSO sponsor additional fact-finding and research to develop best practices guidelines concerning fast flux hosting, and to provide data to assist policy development and illuminate potential policy options;

Whereas, ICANN should consider whether and how it might encourage registry operators and registrars to take steps that would help to reduce the damage done by cybercriminals, by curtailing the effectiveness of these fast flux hosting exploits.

The GNSO Council RESOLVES:

To initiate a Policy Development Process in accord with the ICANN Bylaws, by forming a Task Force of interested stakeholders and Constituency representatives, to collaborate broadly with knowledgeable individuals and organizations, in order to develop potential policy options to curtail the criminal use of fast flux hosting.

The Task Force initially shall consider the following questions:

- Who benefits from fast flux, and who is harmed?
- Who would benefit from cessation of the practice and who would be harmed?
- How are registry operators involved in fast flux hosting activities?
- How are registrars involved in fast flux hosting activities?
- How are registrants affected by fast flux hosting?
- How are Internet users affected by fast flux hosting?
- What measures could be implemented by registries and registrars to mitigate the negative effects of fast flux?
- What would be the impact (positive or negative) of establishing limitations, guidelines, or restrictions on registrants, registrars and/or registries with respect to practices that enable or facilitate fast flux hosting?

The Task Force shall report back to Council within 90 days, with a report discussing these questions and the range of possible answers developed by the Task Force members. The Task Force report also shall outline potential next steps for Council deliberation.
Hello Mike,
Whereas, ICANN should consider whether and how it might encourage registry operators and registrars to take steps that would help to reduce the damage done by cybercriminals, by curtailing the effectiveness of these fast flux hosting exploits.
Note you may want to use wording that is more generic.

E.g "how it might encourage DNS nameserver operators to take steps"

DNS nameserver operators currently include root server operators, registries, registrars, telcos, ISPs, hosting companies, corporations, small businesses and individuals.

As far as I know the majority of fast flux behaviour is not on nameservers operated by registries or registrars (I could be wrong here but this is just based on what I have seen - I haven't seen any stats).

Regards,
Bruce Tonkin
Thanks Bruce, I will amend the motion accordingly, after others have commented or suggested other amendments.

Mike

-----Original Message-----
From: "Bruce Tonkin" <Bruce.Tonkin@melbourneit.com.au>
Date: Fri, 11 Apr 2008 10:29:14
To: "Council GNSO" <council@gnso.icann.org>
Subject: RE: [council] Fast Flux Hosting

Hello Mike,

Whereas, ICANN should consider whether and how it might encourage registry operators and registrars to take steps that would help to reduce the damage done by cybercriminals, by curtailing the effectiveness of these fast flux hosting exploits.

Note you may want to use wording that is more generic.

E.g "how it might encourage DNS nameserver operators to take steps"

DNS nameserver operators currently include root server operators, registries, registrars, telcos, ISPs, hosting companies, corporations, small businesses and individuals.

As far as I know the majority of fast flux behaviour is not on nameservers operated by registries or registrars (I could be wrong here but this is just based on what I have seen - I haven't seen any stats).

Regards,
Bruce Tonkin
I suggest we solve the 1/3 v 2/3 vote issue by adding to the first resolves paragraph "for those issues within scope of the GNSO". Philip
participants (4)
- Bruce Tonkin
- cyrilchua@atmdlaw.com.sg
- Mike Rodenbaugh
- Philip Sheppard