NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Site enables automated flagging of "anonymously" registered domains
Back a thousand years ago (or so it feels) in the days of the ARPANET, I had a single phone number in Boston (to the BBN NCC) to call if there were problems at UCLA related to our ARPANET connection. As the network grew and evolved this expanded to printed directories of site POCs that now are collector's items. I was easy to find in those directories as NIC Ident LW2. And ya' know, what's generally considered to be the very first spam was sent to e-mail addresses pulled from that directory, including my address at the time. But we knew that the directory was invaluable since it provided a way to pick up the phone and actually reach a responsible human being when there were network problems.

Today's Internet is in many ways run like a visit to a three-ring circus. All sorts of activity and "traffic" all over, sometimes appearing to be total mayhem. But at least there's usually the benefit of a ringmaster.

However, when an Internet site is flooded with e-mails from a screwed-up database, or a misconfigured LAN pours billions of bits toward an innocent location, trying to shut down the flow can be an exercise in futility.

Most of the time these sorts of problems are the result of simple misconfiguration errors and the source (at least in terms of domain name and often IP addresses) is obvious. But how to reach anybody at those sites when they're behind a masked/anonymous domain and network registrations? If you could talk to them the problem could likely be solved quickly. But anonymous domains trade privacy for network stability.

So many people are so insistent that they don't want *any* spam coming to their vanity domains that the issues of keeping the network running fall by the wayside -- and registrars that heavily promote masked domains (usually at an extra premium cost of course) feed into this directly.

In the U.S. at least, it's common for public record data to allow anyone to find out who owns a particular property in the vast majority of cases. Your privacy does not extend to secret property ownership, even for simple residences.

In the Internet space, trying to find a "property owner" when there are problems indeed means playing "pretty please" with the often surly ISP contacts (both the domain and network address operations sides). Some, like Time Warner Cable, *won't even talk to you* unless you're law enforcement related. Their network abuse hotline tells you that unless you're a cop or a court, go away and send an e-mail, period.

I've been publicly dealing with privacy issues for many years, and even a cursory look over my writings, interviews, and whatever show my dedication to the causes of privacy, free speech, civil rights, and a range of associated areas. But privacy is not absolute. It needs to be balanced against the needs both of the individual and society.

In my opinion, we have allowed a haphazard implementation of masked, anonymous domains (combined with poor network abuse reporting and problem resolution mechanisms) to undermine important stability and security aspects of the Internet.

There are really only two basic ways to try to manage the Internet. One is via massive, weighty, centralized controls, which most of us probably would prefer not to see happen. The other is through *responsible* delegation of authority, which I don't believe is currently the operational case in general either.

I'm not saying that it's impossible to have a variety of different privacy tiers available to domain holders. I am asserting that the current system is inappropriate and laden with risks to the Internet and its users at large.

--Lauren--
NNSquad Moderator

On 03/02 23:41, Richard Clayton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In message <20100302214945.GA31591@vortex.com>, Lauren Weinstein
> <lauren@vortex.com> writes
>
> >As for anonymous/masked domains, I've written extensively on this
> >since day one and found my predictions for abuse of anon domain
> >registrations coming true all the way down the line. Using a domain
> >name is like a fictitious name statement or DBA.
>
> ... or it might just be a wish for privacy ... in Europe people have
> legal rights with respect to personal data; hence, for example, under
> ".uk" individuals that own domains can (for free) prevent their details
> being visible to all and sundry. However, domains owned by companies, or
> that are used in the course of business do not have that right.
>
> >And whether or not
> >you're doing business under a domain name, you are creating a public
> >presence, and just as with a DBA you should still be easily contacted
> >and held responsible for what you do with that name.
>
> for ".uk" the information is immediately available to regulatory
> authorities ... so that's all right then :)
>
> >We all know that masked, anon domains are the favored tools of the
> >spammers, phishers, botnet operators, and other crooks.
>
> hmmm... the phishers (who I've studied for some time) generally break
> into other people's sites or use "free" web hosting. The number of
> domains involved is low, and many of them are registered with fake
> details rather than being anonymised.
>
> Still, doubtless you have good numerical data for the other examples;
>
> There were some robust sounding recent claims (from Knujon IIRC) about
> spam senders, but I'm unaware of any studies re botnet operators, let
> alone any other type of cybercriminal.
>
> >But even when assigned to honest folks, they create the potential for
> >terrible network management problems, and I've personally had to help
> >people deal with dozens of these. The typical case is when something
> >goes wrong (accidentally) at a site and a misconfiguration causes
> >floods of mail or other data toward innocent parties.
>
> hmmm... I find that it's usually better to work from the IP address and
> hence through the connectivity provider, rather than talking with the
> registered domain owner. Saves a lot of time talking with people who
> have clue -- leaving them the problem of imparting that clue to the
> person with the problem. YMMV of course.
>
> >For more than several cases of DDoS attacks that were brought to me by
> >desperate users, I had to call the Office of the President of major
> >ISPs before anyone would pay attention to fixing the problems.
>
> hmmm... an even less convincing example; DDoS attacks are all about
> identifying the ownership of IP addresses not domain names; so I'd
> strongly recommend working from RIR records rather than whois
>
> - --
> Dr Richard Clayton <richard.clayton@cl.cam.ac.uk>
> tel: 01223 763570, mobile: 07887 794090
> Computer Laboratory, University of Cambridge, CB3 0FD
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1
>
> iQA/AwUBS42iO5oAxkTY1oPiEQKs4wCfbgrzWYOYZ4G0yJl5JVDdk1A33d4An10x
> 4x5ALvi6Xi/8iu46GiVFW1P2
> =UvyQ
> -----END PGP SIGNATURE-----