This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] New Abuse Information on RIPE NCC Website

Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ronald F. Guilmette rfg at tristatelogic.com
Thu Jun 27 22:14:36 CEST 2013

In message <D1AC4482BED7C04DAC43491E9A9DBEC381AA4361 at bkexchmbx02.blacknight.loc
al>, "Michele Neylon :: Blacknight" <michele at blacknight.com> wrote:

>On 27 Jun 2013, at 14:13, furio ercolessi <furio+as at spin.it> wrote:
>> Therefore the responsibility for terminating C&C domains lies on the 
>> registries, not on the DNS providers (that may not even exist).
>
>Not necessarily.
>
>If registries are going round the place pulling domains it causes headaches for registrars

Do you know what this is?

->.<-

Answer:  World's smallest violin.

In short, any registrar who cannot cope with a reasonable action taken to
defend the Internet from a botnet should get out of the business.  The
world does not revolve around them.

> - and the registries don't have a contract / agreement with the registrant 

Correct, and in this context, that is a Good Thing, because it means that
they can kill a C&C domain and they are not breaking any contract when they
do so.

So what is the problem?

>And I don't see how a domain can resolve without a DNS provider - that makes zero sense.

The criminals use hijacked machines of their own choosing (they usually have
many to choose from) to supply whatever DNS they need.  They have no reliance
on traditional third-party suppliers of DNS, such as ISPs or registrars or
dedicated DNS providers.  (I suspect that this is what Furio was trying to
say.)

>> The .AT and .LV cases have been two rather dramatic cases where the
>> registries were sitting there doing nothing for a very long time, while 
>> the word spread among criminals that they were a 'safe haven'.  
>
>That's highly defamatory.
>
>I don't think the managers of either ccTLD would appreciate anyone referring to them using that tone.

On this side of the pond, we have a saying... "If the shoe fits..."

>> Similar problems have then occurred in .PL and .RU as well.
>
>Again - broad sweeping statements.

Again, broadly true.

I _personally_ have cataloged tens of thousands of crooked fake pharmacy
domains, all registered under the .RU ccTLD.

>I'd take you more seriously if you referred to the current state of play and not some past issues that have been addressed

You really think that the problems with .RU have been "addressed"??  On what
do you base this belief?

Regards,
rfg

Previous message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website
Next message (by thread): [anti-abuse-wg] New Abuse Information on RIPE NCC Website

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]