On Sun, 20 May 2007, Roger Marquis wrote:
All the same, it would seem to be an easy and cheap abuse to address, at the gtlds. Why are these obvious trojans being propagated by the root servers anyhow?
the root servers are responsible how exactly for the fast-flux issues? Also, there might be some legitimate business that uses something like the FF techniques... but, uhm... how are the root servers involved again?
Nobody's saying that the root servers are responsible, only that they
but you said it: "at the gtlds. Why are these obvious trojans being propagated by the root servers anyhow?"
are the point at which these domains would have to be squelched. In theory registrars could do this, but some would have a financial incentive not to. Also I don't believe registrars can update the roots quickly enough to be effective (correct me if I'm wrong).
I think you really mean 'TLD' not 'root'... I think, from playing this game once or twice myself, the flow starts with the registrar to the registry (in your example estdomains is the registrar and Verisign is the registry). I think it pretty much stops there. I suppose you COULD get ICANN to spank someone, but that's going to take a LONG time to accomplish. (I think at least)
Given the obvious differences between legitimate fast flux and the pattern/domains in question it would seem to be a no-brainer, technically at least.
hrm... I don't think it's a technical stumbling block, though trying to pre-know who's bad and who's not might get you in trouble (say I register the domain lakjdauejalkasu91er.com and fast-flux it for my own 'good' use, how's that different from 'uzmores.com'?). Anyway... I don't disagree that there ought to be a hammer here and it ought to be applied. I'm just not sure it's as simple as it appears at first blush.