[Just for Info] DDoS Attacks against Dyn - Schneier on Security
Dear All, I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading. https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety.
Farell, I don’t think that WG has any direct role of preventing such attacks but it is possible that some of the possible requirements we consider could have indirect impacts. I believe we will need to consider whether and how an RDS could be used to facilitate attacks. Chuck From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Farell Folly Sent: Monday, October 24, 2016 5:42 AM To: RDS PDP WG <gnso-rds-pdp-wg@icann.org> Subject: [gnso-rds-pdp-wg] [Just for Info] DDoS Attacks against Dyn - Schneier on Security Dear All, I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading. https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html Best Regards @__f_f__ about.me/farell<http://about.me/farell> ________________________________. Mail sent from my mobile phone. Excuse for brievety.
Hello All, I offer my sympathy to Dyn for this new DDos attack. I hope the industry will wake up and start collaborating to make it tougher for criminals to destroy the trust that we still have in the Internet before it is too late. Nobody seems to be willing to work cross-stakeholder groups to build tougher defenses. End-users are still the ones having to suffer most from these attacks (i.e. latest attacks on banking cards in India). The Internet is not only the turf of fiercely independent software developers/computer geeks. The philosophy of the Internet is a legacy of these people's mentality and personality. But the Internet is also the place where Joe the Plumber does his shopping. Let the sun shine through and make another pact that could change how the Internet is perceived. The Internet worked because it was the private sector acting as a cooperative. Geeks should not take the lead in defining everyone's experience and exposure to risk. Let's make the Internet a communal place and protect the common interest by infusing a different philosophy to it. How about more BP Groups, WGs with manufacturers/end-users/Tech teams to raise the bar on security? I hope everybody is as fed up with these breaches as I am; enough anyway to change things and acknowledge the fact that Internet belongs to all of us. Nathalie On Monday, October 24, 2016 9:06 AM, "Gomes, Chuck" <cgomes@verisign.com> wrote: #yiv0578233711 -- filtered {panose-1:2 4 5 3 5 4 6 3 2 4;}#yiv0578233711 filtered {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}#yiv0578233711 p.yiv0578233711MsoNormal, #yiv0578233711 li.yiv0578233711MsoNormal, #yiv0578233711 div.yiv0578233711MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:12.0pt;}#yiv0578233711 a:link, #yiv0578233711 span.yiv0578233711MsoHyperlink {color:blue;text-decoration:underline;}#yiv0578233711 a:visited, #yiv0578233711 span.yiv0578233711MsoHyperlinkFollowed {color:purple;text-decoration:underline;}#yiv0578233711 p {margin-right:0in;margin-left:0in;font-size:12.0pt;}#yiv0578233711 p.yiv0578233711msonormal0, #yiv0578233711 li.yiv0578233711msonormal0, #yiv0578233711 div.yiv0578233711msonormal0 {margin-right:0in;margin-left:0in;font-size:12.0pt;}#yiv0578233711 span.yiv0578233711EmailStyle19 {color:windowtext;}#yiv0578233711 .yiv0578233711MsoChpDefault {}#yiv0578233711 filtered {margin:1.0in 1.0in 1.0in 1.0in;}#yiv0578233711 div.yiv0578233711WordSection1 {}#yiv0578233711 Farell, I don’t think that WG has any direct role of preventing such attacks but it is possible that some of the possible requirements we consider could have indirect impacts. I believe we will need to consider whether and how an RDS could be used to facilitate attacks. Chuck From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org]On Behalf Of Farell Folly Sent: Monday, October 24, 2016 5:42 AM To: RDS PDP WG <gnso-rds-pdp-wg@icann.org> Subject: [gnso-rds-pdp-wg] [Just for Info] DDoS Attacks against Dyn - Schneier on Security Dear All, I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading. https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
In all honesty, I do not believe this attack showcases an issue with the DNS industry assembled within ICANN. This shows a much bigger problem with the manufacturers of IoT gear that is too easy to get into. The devices must be made secure to prevent "bad actors" from gaining access and weaponizing them. As long as babyphones and electric feetwarmers can be hacked from remote, they will be and nothing we as the DNS industry do will stop that. Best, Volker Am 24.10.2016 um 17:22 schrieb nathalie coupet via gnso-rds-pdp-wg:
Hello All,
I offer my sympathy to Dyn for this new DDos attack. I hope the industry will wake up and start collaborating to make it tougher for criminals to destroy the trust that we still have in the Internet before it is too late. Nobody seems to be willing to work cross-stakeholder groups to build tougher defenses. End-users are still the ones having to suffer most from these attacks (i.e. latest attacks on banking cards in India). The Internet is not only the turf of fiercely independent software developers/computer geeks. The philosophy of the Internet is a legacy of these people's mentality and personality. But the Internet is also the place where Joe the Plumber does his shopping. Let the sun shine through and make another pact that could change how the Internet is perceived. The Internet worked because it was the private sector acting as a cooperative. Geeks should not take the lead in defining everyone's experience and exposure to risk. Let's make the Internet a communal place and protect the common interest by infusing a different philosophy to it. How about more BP Groups, WGs with manufacturers/end-users/Tech teams to raise the bar on security? I hope everybody is as fed up with these breaches as I am; enough anyway to change things and acknowledge the fact that Internet belongs to all of us. Nathalie
On Monday, October 24, 2016 9:06 AM, "Gomes, Chuck" <cgomes@verisign.com> wrote:
Farell, I don’t think that WG has any direct role of preventing such attacks but it is possible that some of the possible requirements we consider could have indirect impacts. I believe we will need to consider whether and how an RDS could be used to facilitate attacks. Chuck *From:*gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] *On Behalf Of *Farell Folly *Sent:* Monday, October 24, 2016 5:42 AM *To:* RDS PDP WG <gnso-rds-pdp-wg@icann.org> *Subject:* [gnso-rds-pdp-wg] [Just for Info] DDoS Attacks against Dyn - Schneier on Security Dear All, I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading. https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html Best Regards @__f_f__ about.me/farell <http://about.me/farell> ________________________________. Mail sent from my mobile phone. Excuse for brievety.
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
You are right Chuck about the WG's role , It was just to call our attention so that it can help us set up better requirements or have a better understanding on security issues associated with the Next Gen-RDS (at the era of IoT.) Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety. Le 24 oct. 2016 13:06, "Gomes, Chuck" <cgomes@verisign.com> a écrit :
Farell,
I don’t think that WG has any direct role of preventing such attacks but it is possible that some of the possible requirements we consider could have indirect impacts. I believe we will need to consider whether and how an RDS could be used to facilitate attacks.
Chuck
*From:* gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg- bounces@icann.org] *On Behalf Of *Farell Folly *Sent:* Monday, October 24, 2016 5:42 AM *To:* RDS PDP WG <gnso-rds-pdp-wg@icann.org> *Subject:* [gnso-rds-pdp-wg] [Just for Info] DDoS Attacks against Dyn - Schneier on Security
Dear All,
I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading.
https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html
Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety.
I think the article (and others along similar lines) are interesting reading. But I am totally mystified how this has anything to do with this PDP. Full disclosure: Dyn is my employer. A On Mon, Oct 24, 2016 at 09:42:18AM +0000, Farell Folly wrote:
Dear All,
I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading.
https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html
Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety.
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- Andrew Sullivan ajs@anvilwalrusden.com
As someone who did some investigation (probably not nearly as much as Andrew) on this attack, the only things that helped me start disrupting C2s is accurate registrar info (in many cases C2s used ccTLDs making it moot) so I know who to talk to in order to nuke C2 domains and to a leaser extent accurate registrant data (rarely for notification as they are the suspect party, more for programmatic tracking of what they register next). Just my 2 cents. Sent from my iPhone
On Oct 24, 2016, at 19:29, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
I think the article (and others along similar lines) are interesting reading. But I am totally mystified how this has anything to do with this PDP.
Full disclosure: Dyn is my employer.
A
On Mon, Oct 24, 2016 at 09:42:18AM +0000, Farell Folly wrote: Dear All,
I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading.
https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html
Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety.
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Agree with Andrew. This is not a listserv for interesting articles and topics. We have a mandate. Kiran Malancharuvil Policy Counselor MarkMonitor 415-419-9138 (m) Sent from my mobile, please excuse any typos.
On Oct 24, 2016, at 10:30 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
I think the article (and others along similar lines) are interesting reading. But I am totally mystified how this has anything to do with this PDP.
Full disclosure: Dyn is my employer.
A
On Mon, Oct 24, 2016 at 09:42:18AM +0000, Farell Folly wrote: Dear All,
I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading.
https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html
Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety.
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
@andrew et al Sorry for spamming. Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety. Le 24 oct. 2016 17:50, "Kiran Malancharuvil via gnso-rds-pdp-wg" < gnso-rds-pdp-wg@icann.org> a écrit :
Agree with Andrew. This is not a listserv for interesting articles and topics. We have a mandate.
Kiran Malancharuvil Policy Counselor MarkMonitor 415-419-9138 (m)
Sent from my mobile, please excuse any typos.
On Oct 24, 2016, at 10:30 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
I think the article (and others along similar lines) are interesting reading. But I am totally mystified how this has anything to do with this PDP.
Full disclosure: Dyn is my employer.
A
On Mon, Oct 24, 2016 at 09:42:18AM +0000, Farell Folly wrote: Dear All,
I would like to share this with you. It will question one more time how the Internet ecosystem will handle this IoT era and what role we can (this WG) play to ensure that the best measures / funtionalities /requirement are in place to prevent or reduce such attacks on the DNS infrastructure. Good reading.
https://www.schneier.com/blog/archives/2016/10/ddos_attacks_ag.html
Best Regards @__f_f__ about.me/farell ________________________________. Mail sent from my mobile phone. Excuse for brievety.
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
participants (7)
-
Andrew Sullivan -
Farell Folly -
Gomes, Chuck -
John Bambenek -
Kiran Malancharuvil -
nathalie coupet -
Volker Greimann