Dear At-Large community members: We have the pleasure of providing the attached for your review. ------ Forwarded Message From: Dave Piscitello <dave.piscitello@icann.org> Date: Tue, 11 Mar 2008 12:00:49 -0700 To: Nick Ashton-Hart <Nick.Ashton-Hart@icann.org>, <rguerra@privaterra.ca>, <vanda@uol.com.br>, <cheryl@hotek.com.au> Cc: Steve Crocker <steve@shinkuro.com> Subject: Transmittal of SAC 025 to ALAC 12 March 2008 Transmittal of SAC025: Fast Flux Hosting and DNS to the ALAC At the direction of the ICANN Board of Directors, the Security and Stability Advisory Committee invites the ALAC to consider the accompanying Advisory, SAC 025: Fast Flux Hosting and DNS. A PDF of the Advisory may be downloaded from the ICANN web site at http://www.icann.org/committees/security/sac025.pdf Cyber-criminals and Internet miscreants use Fast Flux hosting to frustrate anticrime efforts aimed at locating and shutting down web sites used for illegal purposes. Fast flux hosting supports a wide variety of cyber-crime activities (fraud, identity theft, online scams) and is considered one of the most serious threats to online activities today. One variant of fast flux hosting, "double flux", exploits the domain name registration and name resolution services. SAC 025 describes the technical aspects of fast flux hosting and fast flux service networks and explains how the DNS is exploited to abet criminal activities that employ fast flux hosting. The Advisory discusses current and possible methods of mitigating fast flux hosting at various points in the Internet and identifies those methods that SSAC considers practical and sensible. SSAC asks that the ALAC consider in particular the Section entitled Shut Down the fast flux hosts, where measures to reduce the number of hosts that attackers can compromise and use in fast flux attacks are discussed. While these measures alone cannot eliminate fast flux hosting, they can greatly improve the overall Internet security baseline if implemented broadly and uniformly. We thank you in advance for your time and consideration. David Piscitello ICANN Senior Security Technologist, On behalf of the SSAC ------ End of Forwarded Message