i think someone needs to nuke this domain
randy

From: "Shopping" <Shopping@dnsstealer.com>
To: randy@rg.net
Subject: Confirmation: JC Penney Card
Date: Mon, 13 Mar 2006 20:23:05 -0600

Dear randy@rg.net,
We are attempting to contact you about the $250 JCPenney(R) Card and request you to complete your email address below:
http://pny.dnsstealer.com/clk/53708886.15.251.101
Thank you for taking your time and on this offer.
My best,
List Manager
If you no longer wish to receive Exclusive Gift Cards emails, visit the Exclusive Gift Cards site or visit the url: http://pny.dnsstealer.com/clk/53708886.15.251.102 Or, print a copy of this email and send it along with your request to: Exclusive Gift Cards, 13900 Jog Road, Suite 203-251, Delray Beach, FL 33446.
http://pny.dnsstealer.com/uns/53708886.15.251
848 N. Rainbow Blvd. #1688 Las Vegas, NV 89107 -1020468834
I think you're missing out on the $250 JC Penny card. You can buy a lot of swag with that!

Randy Bush wrote:
i think someone needs to nuke this domain
randy
From: "Shopping" <Shopping@dnsstealer.com>
To: randy@rg.net
Subject: Confirmation: JC Penney Card
Date: Mon, 13 Mar 2006 20:23:05 -0600
Dear randy@rg.net,
We are attempting to contact you about the $250 JCPenney(R) Card and request you to complete your email address below:
http://pny.dnsstealer.com/clk/53708886.15.251.101
Thank you for taking your time and on this offer.
My best,
List Manager
If you no longer wish to receive Exclusive Gift Cards emails, visit the Exclusive Gift Cards site or visit the url: http://pny.dnsstealer.com/clk/53708886.15.251.102 Or, print a copy of this email and send it along with your request to: Exclusive Gift Cards, 13900 Jog Road, Suite 203-251, Delray Beach, FL 33446.
http://pny.dnsstealer.com/uns/53708886.15.251
848 N. Rainbow Blvd. #1688 Las Vegas, NV 89107 -1020468834
At 11:00 PM 3/13/2006, Eric Brunner-Williams wrote:
isn't this a job for super-icann?
Better yet, why don't the registrars police themselves?
-M<
--
Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of Technical Staff Network Operations
hannigan@renesys.com
isn't this a job for super-icann? Better yet, why don't the registrars police themselves?
what you mean is why don't the registrars seriously vet their customers? i suspect the job is non-trivial, to say the least. and where is the financial motivation? at $10/year, what do you suggest they actually do? as a teensy registrar (for a half dozen small cctlds), and one who actually does try to verify that the admin poc answers the phone, etc. as well as server ops, 2182, etc, lemme tell you it is a major pita for me and for the folk who help vet.
randy
At 12:37 AM 3/14/2006, David Ulevitch wrote:
On Mar 13, 2006, at 8:16 PM, Martin Hannigan wrote:
Better yet, why don't the registrars police themselves?
Many do. They just don't police each other.
Sure seems like security is AWOL on the registrars agenda:
http://www.google.com/search?hl=en&lr=&domains=icann.org&q=botnet&btnG=Search&sitesearch=icann.org
http://www.google.com/search?hl=en&lr=&domains=icann.org&q=zombie&btnG=Search&sitesearch=icann.org
-M<
--
Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of Technical Staff Network Operations
hannigan@renesys.com
On Tuesday 14 Mar 2006 07:11, Martin Hannigan wrote:
Sure seems like security is AWOL on the registrars agenda:
I thought we established last month that deleting domain names is a very good way of messing up the entire Internet. See the thread on losing entire data centres.

If you have any useful proposals on how registrars might be of use in defending against botnets, I'm sure ICANN and friends are all ears. But unless you've found an amplification attack using whois servers, it probably isn't something the registrars can help you with.

There is some discussion on phishing, but even here it isn't clear what a registrar could do, and most phishing these days doesn't involve the registrars at all.

Randy's original comment was misplaced, it was the content, not the domain name he was objecting to. Deleting domain names is a very extreme, and oft times ineffective, way of trying to remove content.

We've had enough trouble with ISPs with knee-jerk reactions to objectionable content, we don't need registrars adopting the same daft policies, or the Internet would collapse in a few weeks.
Simon Waters wrote:

So.. ICANN, the domain name's importance to phishing and what registrars can do, in that order.
I thought we established last month that deleting domain names is a very good way of messing up the entire Internet. See the thread on losing entire data centres.
The domain today is the weak spot we need to hit. Using fast-flux, spammers (phishers), VX-ers, etc. jump from IP to IP even every 10 minutes. Whack-a-mole itself becomes impossible. Kill the domain (or the DNS RR) and you destroy the bottle-neck. Bad guys already seem to be bouncing back from the blacklisting of entire bulk registrations. They used to say, register 5K domains and use them as throw-away. Now we can black-list all of them ahead of time. Or at least we could do so, now they are already bouncing back with their new evolution in the whack-a-mole game. Terminate a DNS RR and they just create new ones, but the short-term effect, if you can make it happen, is worth it for TODAY. Terminate the domains (one doesn't really help) and you cost them money.
If you have any useful proposals on how registrars might be of use in defending against botnets, I'm sure ICANN and friends are all ears. But unless you've found an amplification attack using whois servers, it probably isn't something the registrars can help you with.
ICANN from the part I know them - the registrars and security front, are good people. They do good under their own constraints. We should stick to putting them down for so called "governance" issues. ICANN domain termination though is a useless process in practicality.
There is some discussion on phishing, but even here it isn't clear what a registrar could do, and most phishing these days doesn't involve the registrars at all.
I am not sure what the numbers are, but most phishing seems to involve this or that registrar. Many of the registrars today are extremely responsive. Godaddy showed that much, despite what people may think of their actions. I wonder, did we ever get their side of the story? All that aside, as I don't want to start that war again, many of the key registrars today are sitting on the reg-ops operational list and respond to new reports in semi-real time. They can't deal with the volume due to obvious limitations in how the process works, but anything reported to them gets checked into in a reasonable time, and acted upon. There are some blackhat registrars (mostly resellers), but that wasn't what we were discussing.
Randy's original comment was misplaced, it was the content, not the domain name he was objecting to. Deleting domain names is a very extreme, and oft times ineffective, way of trying to remove content.
We've had enough trouble with ISPs with knee-jerk reactions to objectionable content, we don't need registrars adopting the same daft policies, or the Internet would collapse in a few weeks.
The Internet is not going to die tomorrow. The domains reported are 2 out of a ... a lot, today alone. I think maybe we should all start sending in every bad domain we find into NANOG. </cynical> Sorry for the wake-up call, but how many domains out of those registered do you figure are legit or have legit contact information? Gadi.
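Added example, not from the thread or any of its participants: a small defender-side heuristic run over constructed DNS observations that scores the churn Gadi describes (answer sets rotating every few minutes), showing why the domain name rather than the individual IPs is the stable chokepoint. All domain names, addresses and thresholds are constructed.

```python
# Added example: score domains for fast-flux behaviour from resolver observations.
# A domain is flagged when its TTL is short AND it has cycled through many
# distinct IPs AND the answer set actually changed between lookups; a short
# TTL on its own is normal for CDNs, so that alone must not trigger.
from collections import defaultdict

# Constructed sample: (domain, minutes since start, TTL seconds, A records seen)
OBSERVATIONS = [
    ("example-flux.test", 0,   300, {"198.51.100.7", "203.0.113.22"}),
    ("example-flux.test", 10,  300, {"198.51.100.91", "192.0.2.140"}),
    ("example-flux.test", 20,  300, {"203.0.113.5", "198.51.100.7"}),
    ("example-flux.test", 30,  300, {"192.0.2.33", "203.0.113.77"}),
    ("static-site.test",  0, 86400, {"192.0.2.10"}),
    ("static-site.test", 30, 86400, {"192.0.2.10"}),
    ("cdn-like.test",     0,    60, {"198.51.100.1", "198.51.100.2"}),
    ("cdn-like.test",    30,    60, {"198.51.100.2", "198.51.100.1"}),
]


def flux_features(observations):
    """Per domain: distinct IPs seen, number of answer-set changes, minimum TTL."""
    by_domain = defaultdict(list)
    for domain, minute, ttl, ips in observations:
        by_domain[domain].append((minute, ttl, frozenset(ips)))
    feats = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda r: r[0])  # chronological order
        distinct = set().union(*(r[2] for r in rows))
        # count consecutive lookups whose answer set differs
        changes = sum(1 for a, b in zip(rows, rows[1:]) if a[2] != b[2])
        feats[domain] = {
            "distinct_ips": len(distinct),
            "answer_changes": changes,
            "min_ttl": min(r[1] for r in rows),
        }
    return feats


def is_fast_flux(f, max_ttl=600, min_ips=4, min_changes=2):
    """Constructed thresholds: all three conditions must hold to flag."""
    return (f["min_ttl"] <= max_ttl
            and f["distinct_ips"] >= min_ips
            and f["answer_changes"] >= min_changes)


def flagged_domains(observations):
    """Sorted list of domains whose resolution history looks like fast-flux."""
    return sorted(d for d, f in flux_features(observations).items()
                  if is_fast_flux(f))
```

On the sample only example-flux.test is flagged; cdn-like.test has a short TTL but the same two addresses every time, so it is left alone.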
participants (7): David Ulevitch, Eric Brunner-Williams, Gadi Evron, Martin Hannigan, Randy Bush, Simon Waters, Steven Kalcevich