Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)
....at what point is the Internet a piece of infrastructure whereby we actually need a way to watch this thing holistically as it is one system and not just a bunch of inter-jointed systems? Who's job is it to do nothing but ensure that the state of DNS and other services is running as it should....who's the clearing house here.
The Internet: Discovering new SPOF since 1969! :) Thanks.
Perhaps we should setup a distributed system for checking things rather than another SPOF. That's distributed both geographically and administratively and using several code-bases. In this context, I'd expect lots of false alarms due to people changing their DNS servers but forgetting to inform their monitoring setup (either internal or outsourced). How would you check/verify that the communication path from the monitoring agency to the right people in your NOC was working correctly? -- These are my opinions. I hate spam.
I think ICANN would have to add a delay in where a request was sent out to make sure everyone was on the same page and then what happens the couple thousand (more) times a day that someone isn't updated or is misconfigured? I think Netsol should be fined. Maybe even a class action suite filed against them for lost business. And that's it. On Jun 20, 2013 11:28 PM, "Hal Murray" <hmurray@megapathdsl.net> wrote:
....at what point is the Internet a piece of infrastructure whereby we actually need a way to watch this thing holistically as it is one system and not just a bunch of inter-jointed systems? Who's job is it to do nothing but ensure that the state of DNS and other services is running as it should....who's the clearing house here.
The Internet: Discovering new SPOF since 1969! :) Thanks.
Perhaps we should setup a distributed system for checking things rather than another SPOF. That's distributed both geographically and administratively and using several code-bases.
In this context, I'd expect lots of false alarms due to people changing their DNS servers but forgetting to inform their monitoring setup (either internal or outsourced).
How would you check/verify that the communication path from the monitoring agency to the right people in your NOC was working correctly?
-- These are my opinions. I hate spam.
On Thu, 20 Jun 2013 23:42:24 -0400, shawn wilson said:
I think Netsol should be fined. Maybe even a class action suite filed against them for lost business. And that's it.
So your contract with NetSol has an SLA guarantee in it, and you can demonstrate that (a) said SLA has been violated and (b) that NetSol has not made the contracted restitution?
Hi Shawn. Or you could vote with your feet, and wish then a "fine" g'day. John John Souvestre - New Orleans LA - (504) 454-0899 -----Original Message----- From: shawn wilson [mailto:ag4ve.us@gmail.com] Sent: Thursday, June 20, 2013 10:42 pm To: Hal Murray Cc: North American Network Operators Group Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS) I think ICANN would have to add a delay in where a request was sent out to make sure everyone was on the same page and then what happens the couple thousand (more) times a day that someone isn't updated or is misconfigured? I think Netsol should be fined. Maybe even a class action suite filed against them for lost business. And that's it. On Jun 20, 2013 11:28 PM, "Hal Murray" <hmurray@megapathdsl.net> wrote:
On Thu, 20 Jun 2013 20:25:24 -0700, Hal Murray said:
How would you check/verify that the communication path from the monitoring agency to the right people in your NOC was working correctly?
Remember to consider the possible impact of a false-positive report over an unauthenticated channel. Because if it's possible, somebody will try it, just because they just want to watch stuff burn. :)
On 6/20/13, Hal Murray <hmurray@megapathdsl.net> wrote:
Perhaps we should setup a distributed system for checking things rather than another SPOF. That's distributed both geographically and administratively and using several code-bases. [snip]
I would be in favor of being able to pay two "competitive" to be registrars for a domain, and assign them two roles: "Registrar Primary" and "Registrar Auditor" With the requirement that all changes to the domain be initiated with my "Primary Registrar", AND no major change would be allowed to take effect until validated by my secondary "change Auditor Registrar" Including changes to NS records, DS records, contacts, unlocking, renewal, deactivation, or transfers. Essentially, forcing me to submit the same change to both registrars, but denying either registrar the capability of forging authorization or submitting changes that I had not authorized. Also (in some measure) protecting me from identity theft, and other security issues -- since there are now two accounts with two providers, possibly with different authentication procedures. -- -JH
"Registrar Primary" and "Registrar Auditor"
There are certainly registrars who are more security oriented than Netsol. If you haven't followed all of the corporate buying and selling, Netsol is now part of web.com, so their business is more to support web hosting than to be a registrar. I expect that if you put your domain at Markmonitor or CSC corporate domains, you would not have this problem, and you would pay accordingly.
participants (6)
-
Hal Murray -
Jimmy Hess -
John Levine -
John Souvestre -
shawn wilson -
Valdis.Kletnieks@vt.edu