NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Site enables automated flagging of "anonymously" registered domains
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <20100302214945.GA31591@vortex.com>, Lauren Weinstein
<lauren@vortex.com> writes

>As for anonymous/masked domains, I've written extensively on this
>since day one and found my predictions for abuse of anon domain
>registrations coming true all the way down the line. Using a domain
>name is like a fictitious name statement or DBA.

... or it might just be a wish for privacy ... in Europe people have
legal rights with respect to personal data; hence, for example, under
".uk" individuals that own domains can (for free) prevent their details
being visible to all and sundry. However, domains owned by companies, or
that are used in the course of business, do not have that right.

>And whether or not
>you're doing business under a domain name, you are creating a public
>presence, and just as with a DBA you should still be easily contacted
>and held responsible for what you do with that name.

for ".uk" the information is immediately available to regulatory
authorities ... so that's all right then :)

>We all know that masked, anon domains are the favored tools of the
>spammers, phishers, botnet operators, and other crooks.

hmmm... the phishers (who I've studied for some time) generally break
into other people's sites or use "free" web hosting. The number of
domains involved is low, and many of them are registered with fake
details rather than being anonymised.

Still, doubtless you have good numerical data for the other examples;
there were some robust-sounding recent claims (from Knujon IIRC) about
spam senders, but I'm unaware of any studies re botnet operators, let
alone any other type of cybercriminal.

>But even when assigned to honest folks, they create the potential for
>terrible network management problems, and I've personally had to help
>people deal with dozens of these. The typical case is when something
>goes wrong (accidentally) at a site and a misconfiguration causes
>floods of mail or other data toward innocent parties.

hmmm... I find that it's usually better to work from the IP address and
hence through the connectivity provider, rather than talking with the
registered domain owner. Saves a lot of time talking with people who
have clue -- leaving them the problem of imparting that clue to the
person with the problem. YMMV of course.

>For more than several cases of DDoS attacks that were brought to me by
>desperate users, I had to call the Office of the President of major
>ISPs before anyone would pay attention to fixing the problems.

hmmm... an even less convincing example; DDoS attacks are all about
identifying the ownership of IP addresses not domain names; so I'd
strongly recommend working from RIR records rather than whois

- -- 
Dr Richard Clayton <richard.clayton@cl.cam.ac.uk>
tel: 01223 763570, mobile: 07887 794090
Computer Laboratory, University of Cambridge, CB3 0FD

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBS42iO5oAxkTY1oPiEQKs4wCfbgrzWYOYZ4G0yJl5JVDdk1A33d4An10x
4x5ALvi6Xi/8iu46GiVFW1P2
=UvyQ
-----END PGP SIGNATURE-----
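The message above recommends working from RIR records for an IP address rather than from domain whois when chasing a misconfigured or abusive host. The following is an added example, not part of the list message or of any NNSquad code: it parses a RIPE-style RPSL `inetnum` object and the `role` object it references through `abuse-c`, then returns the network name and abuse mailbox for the range that covers a given address. The whois text is constructed for illustration (RFC 5737 documentation addresses, placeholder handles, `example.net` mailbox) and is not real registry output; other RIRs (ARIN, for instance) use different field names, so the key names here are an assumption tied to the RIPE format.

```python
import ipaddress

# Constructed sample of a RIPE-style RPSL "inetnum" object plus the "role"
# object it points to via abuse-c. All values are made up for illustration:
# RFC 5737 documentation prefix, placeholder handles, placeholder mailbox.
SAMPLE_WHOIS = """\
% This is a constructed sample, not real registry output.

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
descr:          Example Hosting (constructed)
country:        GB
admin-c:        EX123-RIPE
tech-c:         EX123-RIPE
abuse-c:        EXAB1-RIPE
status:         ASSIGNED PA
mnt-by:         EXAMPLE-MNT
source:         RIPE

role:           Example Abuse Desk
address:        Placeholder Street 1,
+               Example City
nic-hdl:        EXAB1-RIPE
abuse-mailbox:  abuse@example.net
source:         RIPE
"""


def parse_rpsl(text):
    """Split RPSL whois text into objects.

    Each object is returned as a list of (key, value) pairs; objects are
    separated by blank lines, '%' and '#' lines are comments, and a line
    starting with whitespace or '+' continues the previous attribute.
    """
    objects, current = [], []
    for line in text.splitlines():
        if line.startswith(("%", "#")):
            continue
        if not line.strip():
            if current:
                objects.append(current)
                current = []
            continue
        if line[0] in " \t+" and current:
            key, value = current[-1]
            current[-1] = (key, (value + " " + line[1:].strip()).strip())
            continue
        key, _, value = line.partition(":")
        current.append((key.strip(), value.strip()))
    if current:
        objects.append(current)
    return objects


def find_abuse_contact(ip, whois_text):
    """Return (netname, abuse-mailbox) for the inetnum range covering `ip`.

    Returns None when no inetnum object in the text covers the address.
    dict() keeps only the last value of a repeated key (e.g. several
    'descr:' lines), which is fine for the fields used here.
    """
    addr = ipaddress.ip_address(ip)
    objects = parse_rpsl(whois_text)

    # Index role/person objects by their nic-hdl so abuse-c can be resolved.
    by_handle = {}
    for obj in objects:
        fields = dict(obj)
        if "nic-hdl" in fields:
            by_handle[fields["nic-hdl"]] = fields

    for obj in objects:
        fields = dict(obj)
        if "inetnum" not in fields:
            continue
        start, _, end = fields["inetnum"].partition("-")
        lo = ipaddress.ip_address(start.strip())
        hi = ipaddress.ip_address(end.strip())
        if lo <= addr <= hi:
            role = by_handle.get(fields.get("abuse-c", ""), {})
            return fields.get("netname"), role.get("abuse-mailbox")
    return None


if __name__ == "__main__":
    print(find_abuse_contact("192.0.2.45", SAMPLE_WHOIS))
    print(find_abuse_contact("198.51.100.1", SAMPLE_WHOIS))
```

In practice the text fed to `find_abuse_contact` would come from a whois or RDAP query against the RIR that holds the address block; the parsing and range check are the same. Checking the address against the `inetnum` range rather than trusting the first object returned matters when a query yields several nested allocations.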