This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Jun 27 22:14:36 CEST 2013
In message <D1AC4482BED7C04DAC43491E9A9DBEC381AA4361 at bkexchmbx02.blacknight.loc al>, "Michele Neylon :: Blacknight" <michele at blacknight.com> wrote: >On 27 Jun 2013, at 14:13, furio ercolessi <furio+as at spin.it> wrote: >> Therefore the responsibility for terminating C&C domains lies on the >> registries, not on the DNS providers (that may not even exist). > >Not necessarily. > >If registries are going round the place pulling domains it causes headaches for registrars Do you know what this is? ->.<- Answer: World's smallest violin. In short, any registrar who cannot cope with a reasonable action taken to defend the Internet from a botnet should get out of the business. The world does not revolve around them. > - and the registries don't have a contract / agreement with the registrant Correct, and in this context, that is a Good Thing, because it means that they can kill a C&C domain and they are not breaking any contract when they do so. So what is the problem? >And I don't see how a domain can resolve without a DNS provider - that makes zero sense. The criminals use hijacked machines of their own choosing (they usually have many to choose from) to supply whatever DNS they need. They have no reliance on traditional third-party suppliers of DNS, such as ISPs or registrars or dedicated DNS providers. (I suspect that this is what Furio was trying to say.) >> The .AT and .LV cases have been two rather dramatic cases where the >> registries were sitting there doing nothing for a very long time, while >> the word spread among criminals that they were a 'safe haven'. > >That's highly defamatory. > >I don't think the managers of either ccTLD would appreciate anyone referring to them using that tone. On this side of the pond, we have a saying... "If the shoe fits..." >> Similar problems have then occurred in .PL and .RU as well. > >Again - broad sweeping statements. Again, broadly true. I _personally_ have cataloged tens of thousands of crooked fake pharmacy domains, all registered under the .RU ccTLD. >I'd take you more seriously if you referred to the current state of play and not some past issues that have been addressed You really think that the problems with .RU have been "addressed"?? On what do you base this belief? Regards, rfg
- Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
- Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]