ddos from .mil, and from state.oh.us

2004-12-04 Thread Eric Brunner-Williams in Portland Maine

Oki all,

A month ago today Gadi was looking for a contact at US .mil, this morning
I had the same need, as a node in the nipr.mil playpen was a major player
in a 100+ node ddos directed at a web blog customer we host -- it had a
high rate of fire, accounting for over 20% of the total POST methods.

Email to the DO was a waste of time, but I did find a useful contact.

One of the nodes used in today's ddos against that customer blog appeared in
a separate multi-thousand ad insert (unpaid, naturally) attack on another of
our customer blogs, accounting for about half of the total POST methods.

If anyone has a useful contact in the state.oh.us playpen, please drop me
a line. Email since 24/Nov is unanswered.

TiA,
Eric


Re: no whois info ?

2004-12-10 Thread Eric Brunner-Williams in Portland Maine

In an earlier episode I pointed out to the list-resident VGRS person that
the dynamic properties introduced for one marketing purpose would have a
consequence in another problem domain, but no point revisiting that issue.

[EMAIL PROTECTED] (Peter Corlett) wrote:

> There's some awful tinpot domain registrars out there where you have
> to wonder if their whois server is on the end of a dialup link, but
> fortunately I'm not attempting to access those.

The ICANN Registrar agreement has no transactional temporal property
for :43 queries. In fact, quite a few registrars associated with one of
several outsource business models, e.g., the Tucows HRS customers (complete),
the Pool thead customers (partial addr allocation), etc., use common :43
servers.

I've tried to work this problem, but it appears to require cooperation
between isps and registrars, and that's just not happening, and agreement
that persistent (hours or longer) name-to-address associations factor into
the prevalent economic spam business models, and that's just not happening
either as spam-presentation (to the user or the interposing device) is the
problem of choice.  Schemes to exhaust the dotted quad space, or exhaust
the dotted string space (*lists generally) just don't help identify one
asset economic spam schemes appear to require to extract value from the
spam-presentation instances -- a return path that works.

So, call the small registrars names as long as you want, and as long as
you don't want to pay for a service, and spend your money elsewhere on
something that works better, for some value of better.

Cheers,
Eric
<{registry,registrar,isp}_hat = "off">


Re: no whois info ?

2004-12-12 Thread Eric Brunner-Williams in Portland Maine

Rich,

You have an opinion, but I'm unable to detect a basis for that
opinion.

Allocations of string-space do not give rise to control over any
resource other than (conditionally) the string.

Publication of association(s) between strings and addresses, as
well as the formation of an association subject to a publication
policy, involves zero or more parties other than a "registrant",
and there are several orders of magnitude fewer entities other
than "registrants" that participate in address association and
association publication.

It wouldn't hurt you to read our spec, if only for the nomenclature.
If you read some EU data directives, so much the better.

You may want to look at the whois policies of the RIRs and some of the
ccTLD operators.

See also http://www.imc.org/ietf-whois/mail-archive/msg00218.html
and rfc3912

Eric


fwd: contact for the world etc (nanog)

2004-12-14 Thread Eric Brunner-Williams in Portland Maine

Oki all,

FYI

Eric

--- Forwarded Message

Date: Tue, 14 Dec 2004 14:04:52 -0500 (EST)
Message-Id: <[EMAIL PROTECTED]>
From: Barry Shein <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: contact for the world etc (nanog)


As far as I can tell I'm permanently blocked from nanog for no reason
I understand or care much about.

Oh well, if someone there wants info I have I guess they can pay my
consulting rates.

The text the guy cites isn't from our staff, we don't even have an
auto-ack system. Maybe it's from some customer or maybe entirely
forged, he doesn't include any headers and seems to just want to vent.

Anyhow, that's all the time I plan to spend on this one, too bad nanog
has become so useless.

Feel free to forward.

-- 
-Barry Shein

Software Tool & Die| [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD
The World  | Public Access Internet | Since 1989 *oo*

--- End of Forwarded Message



Re: Interesting DNS problem.

2004-12-16 Thread Eric Brunner-Williams in Portland Maine

a related problem is having N ip addrs bound to M nics on a host, where N > M.

if an ssl connection fails and debug is needed between the M:N:host and some
other ssl-speaking box, then it makes a difference if the ssl connection is
associated with the primary, or some aliased (set N-1) ip addr. client failure
semantics are primary address specific, for some value of ssl clients.

in theory you could alias an ns box's ip addrs (just did that, renumbering),
and have multi-addrs on a server authoritative for multi-zones, and not have
a flag day.

have fun, jobs are scarce as hen's teeth.


Re: latest FCC rulings

2004-12-18 Thread Eric Brunner-Williams in Portland Maine

Agreed. Both Copps and Adelstein are worth reading.

http://wampum.wabanaki.net/archives/001512.html


Re: New Computer? Six Steps to Safer Surfing

2004-12-19 Thread Eric Brunner-Williams in Portland Maine

Got (soy) milk? 

The WaPo writer's take on cookies is ... not mine. Then again, I wrote the
cookie portions of the P3P spec and was "inside" the meetings between M$'s
IE team circa IE5.5 pre-fcs and the (other) IAB (the word is "Advertizers")
and the P3P tech and policy teams.

I worked for Engage (statistical user tracking) and competed with DoubleClick
(deterministic user tracking) at the time, so I wouldn't know as much as he
does.

Walking down the cookie path there is ...

name: WebLogicSessionAc2
cont: BFQyXGC69R1Z50JL8ZBuhBubbnR3BzbFzqythwbSKtlS59ZX41Sw!-1332720106!-548373882
host: www.washingtonpost.com
path: /
type: any type of connection
expr: at end of session    (616 bits of session state)
labl: none

name: DMID3
cont: 4WuLXH8AAAEAAD40XBYAAABD
host: .rsi.washingtonpost.com
path: /
type: any type of connection    (200 bits of persistent state)
expr: 12/14/24 09:13:45    (persistent till 2024)
labl: stores identifiable information without any user consent

name: sa_cdc_u
cont: g0020020006AB1103466779794930.0018C61897
host: .surfaid.ihost.com
path: /crc
type: any type of connection    (376 bits of persistent state)
expr: 01/29/12 18:45:58    (persistent till 2012)
labl: does not store identifiable information

Registration form interposition, collecting
email address
password
us zip code
iso3166 id (string form)
gender
year of birth
job title
primary responsibility
job industry
company size
1st-party marketing click box (default opt out)
3rd-party marketing click box (default opt out)
16 x 1st-party targeted content click box (default opt out)
---
first name (optional)
last name (optional)
street address (optional)
street name (optional)
apt. number (optional)
city (optional)
state (optional)
3rd-party (American Express) marketing click box (default opt out)
10 digit telephone number (disclosure noted to AmEx) (optional)
3rd-party (International Living) marketing click box (default opt out)
---
in very small font and with gray-on-blue color difference is this:
By submitting your registration information, you indicate that you
agree to our User Agreement Privacy Policy.

these two texts are not displayed by default, each has an anchored
link, not a checkbox, that must be manually clicked to display the
associated legal agreement.
---
I decided I was Vint Cerf and I was CEO of a 50-100 person cluster-phuck
in the IT rackets. As good a stuckee as any. And yes, all this good stuff is
sent in the clear, over an unencrypted link.

More cookies follow:
---

name: ASPSESSIONIDSSTSRRQB
cont: LPAKIBLBPJJFNFKOCFOEHMAP
host: financial.washingtonpost.com
path: /
type: any type of connection
expr: at end of session    (208 bits of session state)
labl: stores identifiable information without any user consent

name: test_cookie
cont: CheckForPermission
host: .doubleclick.net
path: /
type: any type of connection
expr: 12/19/04 10:24:40 
labl: stores identifiable information without any user consent

name: ru4.28
cont: 1#1106#0#1106=ad-1106-154|1|1103470287%7C1106%7Cad-1106-154%7Cpl-1106-125%7Ccontrol%7C0%7Cpl-1106-125%2526northeast%2526morning%2526noinfo%2526high%25260%2526C3%7C28|null%7Cnull%7Cnull%7Cnull%7Cnull%7Cnull%7Cnoinfo%2526noinfo%2526noinfo%2526noinfo%2526noinfo%2526noinfo%2526noinfo%7C0|1103470287#
host: .edge.ru4.com
path: /
type: any type of connection
expr: 02/17/05 10:12:14    (2408 bits of persistent state)
labl: stores identifiable information without any user consent

At this point the registration page is interposed again, and submitted again,
and no more cookies appear to be deposited or replayed and modified, but are
there actually only that many cookies???

Snuck in are these additional cookies:

name: ACID
cont: ee140011034695480036!
host: .advertising.com
path: /
type: any type of connection
expr: at end of session    (176 bits of session state)
labl: stores identifiable information without any user consent

name: ru4.1106.gts
cont: 2
host: edge.ru4.com
path: /
type: any type of connection
expr: 02/17/05 10:13:46
labl: stores identifiable information without any user consent

name: 86698181
cont: _41c59bec,0668393370,699393^235460_
host: .servedby.advertising.com
path: /
type: any type of connection
expr: at end of session    (288 bits of session state)
labl: stores identifiable information without any user consent

name: SESSIONREM
cont: (my wife's pc [EMAIL PROTECTED], omitted)
host: .washingtonpost.com
path: /
type: any type of connection
expr: at end of session
labl: none

name: DMSEG
cont: 9463E8EFE54A1281&F04462&41C4D577&41C6E29B&0&&41C30F4B&5D313C73C487FF2C5853E61C6A470E77
host: .washingtonpost.com
path: /
type: any type of connection
exp

A Road Runner NOC contact

2004-12-22 Thread Eric Brunner-Williams in Portland Maine

Off list please.

A user issue. Sensitive.


Re: Survey of interest ..

2005-01-11 Thread Eric Brunner-Williams in Portland Maine

I first read their report on blogs ... We're holding the Koufax Awards _now_
for lefty blogs, so we're about as root on the left hand side of the radio
dial as one could hope for. It wasn't worth reading twice.

Turning to the Pew vetted punditocracy, I went to the questionnaire. Q9a got
the belly laugh.

Q9a. Prediction on attacks on network infrastructure.

At least one devastating attack will occur in the next 10 years
on the networked information infrastructure or the country's power
grid.

Somewhere on my extended desk is a critical paper by a zoomie on the power
grid as a target.

OK. So one would have to be literate in a particular genre. The Army Air
Corp started targeting power generation and distribution in the metro NY
area in the late '30s, to see what a strategic bombing campaign against
national civilian infrastructure could accomplish. Results are mixed, from
the empirical experiences in the WW2 period, through GW1 and the Yugoslav
war, and the conclusion is ... it is wicked difficult, even with lots of
expensive planes and many, many fine bombs, and possibly effective by any
of several metrics _only_ when the targeted nation is isolated and the
campaign is of unlimited duration, as under all other models (and empirical
tests) the results are negative.

Sixty six percent of the Pew respondents agreed with the assertion. Only
seven percent challenged the prediction, another eleven percent disagreed
with the predictive model.

I'll cut to the chase.

The Pew questionnaire in this instance is bad scholarship. It promotes an
already well answered question (vulnerability) as if it were not answered,
and as a side-effect, promotes the presumption that targeting the power
generation and distribution capacity of hostile states isn't a waste of
finite military and industrial resources. Boeing and its cognates and Bob
Dornan and his cognates may benefit, but that wasn't the apparent policy
goal.

As for the other part of the question, routers twinkle.

Worldcom, Enron and failed switches would be less ... fantastic lines of
inquiry.

Would you like some snow? We're celebrating the 1998 Ice Storm in NNE
today. http://wampum.wabanaki.net/archives/001610.html

Cheers,
Eric


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

2005-01-12 Thread Eric Brunner-Williams in Portland Maine

> 4) all domains with invalid whois data MUST be deactivated (not
> confiscated, just temporarily removed ...

All? Even those unpublished and therefore non-resolving? Sensible for the
scoped-to-totality trademarks weenies who argue that the stringspace is a
venue for dilution, whether the registry publishes all of its allocations
or not.

I'm not sure why anyone cares about a very large class of domains in the
context of SMTP however. 

> 5) whois data MUST be normalized and available in machine-readable form

There are some registries that use paper to answer registration queries.

I'm not sure why anyone cares about a very small class of domains in the
context of SMTP however. 

Aggregation and reformatting have their place. We explored this in the
whoisfix bofs but no working group congealed around "fixing" :43.

Again, I'm not sure why anyone cares about a very large class of whois:43
output sources in the context of SMTP however. 

Eric




Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

2005-01-12 Thread Eric Brunner-Williams in Portland Maine

> Why would it matter if you deactivated an unpublished/non-resolving domain?

How do "you deactivate an unpublished/non-resolving domain"? You may borrow
a registrar or registry hat if that is useful to answer the question.

> If you care about the domain, keep the whois data up to date and accurate.

That is the policy articulated by the trademarks "stakeholders" in the ICANN
drama, but how does their policy, which is indifferent to any condition but
stringspace allocation, relate to any infrastructure that has one or more
additional constraints?

> > I'm not sure why anyone cares about a very large class of domains in the
> > context of SMTP however. 
> 
> For one thing, a very large class of domains are being used as
> throwaways by spammers ...

Do you know anything about the acquisition pattern at all, or if there is
any useful characterization finer in scope than "all"?

> ... (thanks, VRSN!) 

I pointed out to Mark here on NANOG months ago that there were side effects
to pursuit of zonefile publication that was asynchronous with whois data
publication.

Now that the temporal properties of resolution by one or more registries
has your attention, just what part of the actions by all registrants is
controlling?

> potential protection value whois might offer, and allows spammers and
> other abusers to fly below the radar, accountable to nobody.

I'm sure they pay their ns providers, and their isps, for the critical
portions of the value return path.

> > There are some registries that use paper to answer registration queries.
> 
> And?

You appear to see a policy that would cause them to change their operational
practice, and I'm not clear on how your policy goal would benefit them, or
how they would recover costs if your policy goal did not benefit them.

> > I'm not sure why anyone cares about a very small class of domains in the
> > context of SMTP however. 
> 
> It's not a very small class of domains with more or less unpredictable
> data formats. It's ALL of them, or damn near. 

So in your current conceptual model, a uniform distribution correctly
characterizes the utility of knowing any particular registrar's or registry's
whois (whois/tcp or http-form-post/tcp) format?

>   I should be able to write
> a program, relatively easily, that would give me any available contact
> or registrant information on a per-field basis, from any whois service.
> The wide variety and nonuniformity of the existing services makes that
> task daunting at best ...

Have you considered looking for a paid service that does :43 reformatting?

> > Aggregation and reformatting have their place. We explored this in the
> > whoisfix bofs but no working group congealed around "fixing" :43.
> 
> What were the objections/sticking points? 

I'll see if I still have the minutes.

> > Again, I'm not sure why anyone cares about a very large class of whois:43
> > output sources in the context of SMTP however. 
> 
> It's not just the context of SMTP. It's the context of accountability on
> the Internet, which bad actors are exploiting, currently, via SMTP.

Hmm. I'd prefer to stay on point. As for accountability and bad actors, this
is a target rich environment. For instance, all paid registrations for .net
domains after mid-year already present an interesting accountability issue.

> I really do think it would benefit some folks here to read up on the
> "broken windows theory" of crime prevention.

Anyone in particular? Is the theory a better choice than empirical data?

Eric
registry, registrar, whoisfix and epp hats lying around somewhere, most
collecting snow today.


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

2005-01-12 Thread Eric Brunner-Williams in Portland Maine

> Numerous (as in "at least hundreds, probably more") of spam gangs are
> purchasing domains and "burning through" them in spam runs.  In many
> cases, there's a pattern to them; in others, if there's a pattern,
> it's not clear to me what it might be.

From my point of view, "pattern" is which registrars are getting the buys,
for which registries, where the ns's are hosted, and for domains used in
the return value side, hosting details. The latter to reduce to RIR CIDRs.

There is more, but that is the first cut, localization of registrar(s) and
registries and CIDRs.

> This bunch prefers domains in .info -- no doubt motivated in part by things
> like the recent $1.95 sale on such domains.  

OK. Now you've identified price as a significant control variable. There are
registrars that don't sell .info. I don't. There are registrars that don't
sell directly to registrants. I can think of half a dozen of us who only
sell to corporations and bona fide people who buy reasonable names.

Transcendental numbers in decimal character form are "reasonable". Your
two example sets are not "reasonable".

> The dirty little secret is that all this activity on the part of spammers
> is a gold mine for registrars.

This isn't going to make me think you can add or subtract.

> It's gotten so bad that -- to a darn good first approximation -- if you
> find a domain in the .biz or .info TLDs

I agree, and don't sell .biz, .info or .name, or .cc or .tv or .bz or any
of the obvious repurposed cctlds, with the exception of my friend Bill
Semich's .nu, which actually means something in Sweden for local reasons.
I do plan to sell .aero, .coop and .museum, however.

In case it is inobvious, there is a possibility that part of _your_
problem (and a big part of my problems) can be placed at the figurative
"door" of a 501(c)(3) located in California.

> The answer? (1) no obfuscated registrations (2) mass, fast, permanent
> confiscation of spammer domains (3) requirement for reasonably correct
> domain registration info ... and (4) publication of all WHOIS data in
> a simple, easily parseable form  ...

Nothing in this laundry list that makes the cost of bad business for my
competitors rise, see add and subtract, above.

Try the following: 1,$s/registrars/isp/g and 1,$s/registry/rir/g, and
1,$s/domain/ipv4_addr/. If you're still keen on your approach, then it
might be a good one.

I've replied after removing your personal identifiers back to NANOG.
I appreciate the data, but I want the discourse to be multicast.

Eric


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

2005-01-12 Thread Eric Brunner-Williams in Portland Maine

> I suppose it depends on how you define 'unpublished'; and how you define
> 'non-resolving'.

Your opening remark was that policy foo must be applied to all domains.

This doesn't accomplish anything for the set of domains that will never
be published (registry reserved strings), nor those that absent separate
acts of malfeasance, will always have a very low average association with
dysfunction -- the 50% of the .net namespace that actually goes to real
boxen owned and operated by real people.

Between, and in addition to these two samples, there are classes of domains
that are vastly less likely to be used in uce and equivalent schemes. The
class of domains purchased simply to take them out, such as Hamming distance
buys around a defended mark, may never resolve.

"All" is too blunt a tool.

> I reported it to ICANN for having invalid whois data. It took them ...
> ... a year to have it removed from the root dbs.

That is an ICANN issue. It may come as a surprise to you but for the past
few years the "ISP Constituency" has ceased to exist, and has been folded
into Marilyn Cade and Philipe Sheppard's "Business Constituency".

> Please see my other message. Allowing domains with invalid whois data to
> remain in use facilitates abuse in other realms.

If it isn't "fixing insecure email infrastructure", then it needs to find
a thread and/or list of its own.

The little table of domain names and redirects is slightly useful, but it
would be more useful if your data could show registrar clustering. 

> I'd be delighted if you have pointers to a paid whois reformatter, but
> I still believe strongly that it should not be necessary.

The quality of data usually has a relationship with the cost of care
that has gone into that data, just like abuse desks.

Eric


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

2005-01-12 Thread Eric Brunner-Williams in Portland Maine

> Why is it considered such a crazy proposition that domains should have
> valid and correct whois data associated with them?

There is no relationship between data and function. The data is not
necessary to implement function-based policy.

> Bah. You're saying that you're uninterested in discussing the root causes
> that allow and even encourage abuse to occur in specific realms. I guess
> you're not interested in actually "fixing insecure email infrastructure".

I have no idea what specific realms you could be referring to.

>> The little table of domain names and redirects is slightly useful, but it
>> would be more useful if your data could show registrar clustering. 
>
> Why should this matter? Spammy can always choose a different registrar
> every day. So what? He is registering domains for use in abusive and
> criminal acts, and the message I'm getting from you is that it should
> only be of concern to you if he uses the same registrar?

OK. The choice of registrar, registrar policy, registrar price, and so on
isn't data that could be of use to anyone ever.

But you're going to get "valid and correct whois data" from all registrars.

How will you get that? What does "valid" and "correct" mean? Does it apply
to all the records in a single domain registration, or just some of them?

Eric


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

2005-01-12 Thread Eric Brunner-Williams in Portland Maine

Taking your comment in reverse order.

> Or, alternately, you're simply saying that those who care about net
> abuse are shackled by ICANN's bylaws and therefore we can do nothing.

I don't think you have a monopoly on "care" (or clue) about net abuse,
but it is pretty clear that you're not tall enough to ride the ICANN
roller coaster.

Thus far, all you've done is recycle the policy claim of the trademarks
interests, a highly effective "stakeholder" and rational entity within
ICANN, and the policy claim of the law enforcement interests, typically
American, and not an organic ICANN "stakeholder", and neither effective
nor rational within ICANN (personal opinion, from the first FBI/LE UWHOIS
meeting, March 2000 WDC if memory serves, to the present).

Now why should that catch your attention? How about because neither of
these policy authors (good, bad or simply ugly) care particularly about
SMTP, in fact, the trademark policy author doesn't know that SMTP exists,
because the use of trademarks in SMTP envelopes or bodies has not been
argued (yet) to support a dilution claim. As the FBI/LE goal set isn't
coherent or rational I'm going to assign it a protocol independent end
point identifier goal, because I don't think the FBI/LE goal set is as
limited as SMTP.

This thread however is about SMTP, and some glop that might make it
differently, or less "insecure".

So, if your primary policy tool is the same policy tool used by actors
seeking ends indifferent to yours, either you are lucky or you are wrong.

Now, is ICANN part of the problem space? It is for me, but I'm trying
to compete with entrenched monopoly in the registry space that has the
single greatest control over domain name policy, and entrenched cartel
in the registrar space, and no technical issue, not secure operation of
the root zone servers, correctness of the gtld zone servers, SLA metrics
for gtld registry systems, data escrow, etc., has displaced the trademark
position on whois:43 for the most important policy or operational issue
for that corporation. My competitors (measured by market share) are for
the most part indifferent to spam, porn, and social policy generally.

Is it for you? Apparently not. So just leaving the trademarks people in
charge should solve your problem in finite time. That means you may have
already won.

Eric


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "an

2005-01-13 Thread Eric Brunner-Williams in Portland Maine

> Of course, I know that. I just mentioned Africa because, in many
> countries in Africa, it is simply impossible to get a PTR
> record. That's a fact, there are many reasons behind.

Howdy Stephane,

It is also an area where many cctld operators maintain their registration
data using spreadsheets, and "whois" isn't :43.

Not an issue of active malfeasance, other than early adopter attitudes
towards late, and challenged adopters. As you note, there are many reasons
behind [it, the impossibility to get a PTR record or a :43 server connect].

Eric


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonym

2005-01-14 Thread Eric Brunner-Williams in Portland Maine

> Because there is no data protection on many databases (such as ".com"
> registrars who are forced to sell the data if requested), people lie
> when registering, because it is the only tool they have to protect
> their privacy.

Yup. Our ICANN contracts both require us to sell bulk registrant data,
and require us to maintain :42 and :80 (FORM+POST) whois servers, both
unconditionally, to satisfy the trademarks interest group.

The "perfect open whois to fight spam" claim exchanges 40,000,000 valid
(or not dysfunctional in this particular context) for two or more orders
of magnitude smaller invalid and dysfunctional (in this particular context)
addresses.

Because registrar-registrar predation via whois data mining is a reality,
registrars rate limit or otherwise attempt an ACL on both :43 and :80 whois
service, and data format variation is a form of defense. It prevents the
marginals who can't write a simple parser from theft via slamming the
registrants.

And since no one who wants whois data who isn't stealing registrants is
paying us, grand unifying schemes aren't a registrar interest. Again,
look to the marks people, now accompanied by the new "total information"
law enforcement people for the primary actors. As I've previously pointed
out, neither of those two interest groups is fundamentally interested in
SMTP.

> Fix the data protection problem and you'll have a better case to force
> people to register proper information.

Bingo!


Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonym

2005-01-14 Thread Eric Brunner-Williams in Portland Maine

> The current pretense of "privacy" is nothing more than a convenient
> mechanism for registrars to pad their wallets and evade responsible
> for facilitating abuse.

As an aside, I used a (wicked big) competitor's "privacy" service to
register a domain for a political worker who wanted to whistleblow
but not be identified.

My customer could now use a web log service such as Duncan Black did
under the name of "atrios", and obtain casual (but not subpoena-proof)
data protection (non-publication of customer profile data).

Broadly I agree that "privacy" as a product under contract law is not
a better solution than data protection as a right under human rights.
However, data protection isn't as available to all potential registrants.



Re: panix.com hijacked

2005-01-15 Thread Eric Brunner-Williams in Portland Maine

I've forwarded to Bruce Tonkin, who I know personally, at MIT,
and Cliff Page, who I don't know as well, at Dotster, Steve's
note. These are the RC reps for each registrar.


Re: panix.com hijacked

2005-01-15 Thread Eric Brunner-Williams in Portland Maine


> If I were Panix ...

Free advice. Bruce, Cliff and Chuck are people. Yes, even Chuck is a people.
You want prompt service, you ask nice and you ask the right people and you
don't assume there are facts not in evidence, like errors or malfeasance,
when you could be solving the problem, before the facts could be in evidence.

My phone isn't going to ring, so I'm going to bed.

Eric



Re: panix.com hijacked

2005-01-15 Thread Eric Brunner-Williams in Portland Maine

Howdy Perry,

> Alexis Rosen of Panix was on the phone earlier today with the company
> attorney for melbourneit -- reputedly he was informed that even if the
> police called, they would not do anything about the problem until
> Monday their time.

(a) I don't know MIT's attorney, and (b) I wouldn't ever call him or her
when I could reach someone I know, and (c) what would you expect an attorney
to say?

> Alexis is a bit on the upset side, naturally -- his company is in
> serious trouble because of very obvious fraud, and waiting a few days
> isn't really something he can afford to do. (If you look at the whois
> records now in place for panix.com they're pretty clearly the result
> of fraudulent activity. There is a pretty clear attempt there to
> maximally obscure who has stolen the domain name -- this is clearly
> not an innocent mistake.)

Yeah, but, home truths. There are registrars who will get out of bed at
night for a customer, and registrars who could give a shit if hell froze.
Just like ISPs and LEOs, neh?

Picking a registrar with a market share in the top 10 means that you get
1/share's worth of attention, which means 1/1488700 of Dotster's attention
(using 1/15 daily market share graph). Now, was that at the NetSol $35/yr
price point for customer care, or the GoDaddy $6.95/yr price point for
customer care.

I suppose everyone thinks that it (for some value of "it") can't happen
to them, and that if it does, a wicked small amount of money will still
do more than the oil that lights the lamps at Hanukkah, because bad acts
are rare and all the dimes pile up into a shared fate insurance fund.

Well, now I'm really going to bed.

Eric


Re: panix.com hijacked (VeriSign refuses to help)

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Oki all,

It's dawn in Maine, the caffeine delivery system has only just started,
but I'll comment on the overnight.

You're welcome [EMAIL PROTECTED] If you'll send me the cell phone number
for the MIT management I will call wearing my registrar hat and inform
whoever I end up speaking with that Bruce needs to call me urgently, on
Registrar Constituency business.

Next, put a call into the Washington Post. They lost the use of the name
"washpost.com" which all their internal email used, due to expiry, so
their internal mail went "dark" for several hours. This was haha funny
during the primary season (Feb 6). If they don't get it try the NYTimes.
Put the problem on record. There is an elephant in the room.

The elephant is that the existing regime is organized around protecting
the IPR lobby from boogiemen of their own invention. They invented the
theory that trademark.tld (and trademark.co.cctld) existence dilutes the
value of trademark, hence names-are-marks, bringing many happy dollars
(10^^6 buys) into the registrar/registry system ($29-or-less/$6, resp.,
per gtld and some cctlds), and retarding new "gTLD" introductions, as
each costs the IPR interests an additional $35 million annually.

To solve their division of spoils problem, is "united.com" UAL or is it
UA?, we had DRPs, which is now a UDRP, and more DRPs for lots of cctlds.

These [U]DRPs take many,many,many,many units of 24x7. They were invented
for the happy IPR campers, who care about _title_, not _function_. If
the net went dark that would be fine with them too, so long as the right
owners owned the right names.

Restated, there is no applicable (as in "useful for a 24x7 no downtime
claimant") law in the ICANN jurisdiction.

And it is your own damn fault. Cooking up the DRPs took years of work by
the concerned interests, and they were more concerned with enduring legal
title than momentary loss of possession. During those years, interest in
the DNSO side of ICANN by network operators went from some to zero, and
at the Montevideo meeting the ISP and Business constituencies were so
small they met in a small room and only half the seats were taken. After
that point they were effectively merged. IMHO, Marilyn Cade and Phillipe
Shepard are the ISP/B Constituency, and they can't hear you (for all
24x7 operational values of "you").

In case it isn't obvious, the "your own damn fault" refers to a much
larger class of "you" than Alexis Rosen.

[Oh, the same happy campers are why :43 is broken. They want perfect
 data at no cost and w/o restriction. Registrars don't want slamming,
 today's owie, and registrants don't want spam (which some ISPs do),
 so the whole :43 issue is a trainwreck of non-operational interests
 overriding operational interests. Registrars would be happy to pump
 :43 data to operators, if we could manage the abuse, instead we get
 knuckleheads who insist that spam would be solved forever if ...]


There is a fundamental choice of jurisdictions question. Is ICANN the
correct venue for adjudication, or is there another venue? This is what
recourse to the "ask a real person" mechanism assumes, that talking to
a human being is the better choice.

Bill made this comment: 

> Since folks have been working on this for hours, and according to
> posts on NANOG, both MelbourneIT and Verisign refuse to do anything
> for days or weeks, would it be a good time to take drastic action?
> 
> Think of what we'd do about a larger ISP, or the Well, or really any
> serious financial target.
> 
> Think of the damage from harvesting logins and mail passwords of
> panix users.

You (collectively) are another venue. When the SiteFinder patch was
broadly adopted to work around a change made at one of the registries,
you (collectively) were replacing ICANN as the regulatory body. ICANN
took weeks to arrive at a conclusion about that change, then endorsed
that patch to the deployed DNS, while deprecating incoherence in the
DNS.

[I spent 5 minutes at the Rome Registrar Constituency meeting chewing
 Vint Cerf and Paul Twomey in front of about 100 registrars and back
 benchers for taking many,many,many,many units of 24x7 to arrive at the
 conclusion that breakage, or "surprise" in .com was not a good thing.]

There is a stability of the internet issue. An ISP's user names and
their passwords are compromised by VGRS, MIT, DOTSTER, and PANIX all
following the controlling authority -- the ICANN disputed transfer
process. It isn't MCI or AOL or ... and if it were a bank it might
not be Bank of America ... and if it were a newspaper it might not
be the WaPo. But if size defines the class of protected businesses
under the controlling jurisdiction [1], then Panix's core problem
is that it isn't AOL or MSN or the ISP side of a RBOC.

I'd be nervous if I were Alexis. Not enough people are running their
cups on the bars to get the attention of the wardens.

Eric


[1] In the US FCC space, the 3-2 decision mid-last month on CLEC access
to unbundled UNE is a "size defin

fwd: Re: [registrars] Re: panix.com hijacked

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Oki all,

Delivery of RC mail to me is fairly desultory. Apparently there is an
earlier thread. Post-Rome the very purpose of the RC seems to me to be
doubtful (advocacy for registrars other than NetSol+4), and post-Elana
the process of the RC left me disinterested.

I'm particularly enamored by Ross' notion of what is going on on NANOG.

Cheers,
Eric

--- Forwarded Message

Message-ID: <[EMAIL PROTECTED]>
Date: Sun, 16 Jan 2005 09:57:03 -0500
From: "Ross Wm. Rader" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: Tucows Inc.
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Mark Jeftovic <[EMAIL PROTECTED]>
CC: Registrars Constituency <[EMAIL PROTECTED]>
Subject: Re: [registrars] Re: panix.com hijacked
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: [EMAIL PROTECTED]
Precedence: bulk

On 1/16/2005 12:29 AM Mark Jeftovic noted that:

> There's a thread on NANOG to the effect that panix.com has been
> hijacked from Dotster over to MelbourneIT and it has pretty
> well taken panix.com and its customers offline, see
> http://www.panix.net/

I don't see what you are looking at - .net and .com point to the same 
place with no indication of anything awry...of course, I'm late to the 
game and the DNS probably tells a different story...

> 
> Looks like this may be among the first high-profile unauthorized
> transfer under the new transfer policy.

Looks like a bunch of guys on the NANOG list engaging in a lot of 
conjecture without the benefit of a lot of facts.

> Maybe there needs to some sort of emergency reversion where at least the
> nameservers can be rolled back immediately while the contesting parties
> sort it out.

Might be interesting - what criteria would trigger the process?



- -- 
Regards,


-rwr






"In the modern world the intelligence of public opinion is the one 
indispensable condition for social progress."
- Charles W. Eliot (1834 - 1926)

--- End of Forwarded Message



Re: The entire mechanism is Wrong!

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Gentlemen and Ladies,

I concur with the view expressed by Bob Fox (IANA-134), that the
"current method only favours Verisign and crooks."


The hijacking of panix.com, and the post-hijacking response of VGRS,
which could unilaterally act, but chooses not to, for its own reasons,
and MelbourneIT, which could unilaterally act, but chooses to not act
until 72 hours after being noticed, if then, is a counter-example to
any claim that the current method has any rational application to
domain names that are "mission critical", that is, used for something
other than propping up some shoddy trademark claim by some party that
doesn't even use the dns for core operational practice.

It doesn't reflect very well on the registries and registrars either.

Eric Brunner-Williams
CTO Wampumpeag, LLC
Operator, USA Webhost, IANA-439, CORE-124


apropos of nothing

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Oki all,

I was interested in a policy I came across recently at a cctld registry.

If a domain has no (or few for some value of few) hits over some period
of time post-registration, the registry will recover the string and let
another user acquire it, and presumably actually use it. So if t = 3m,
pokey.cctld could go to four users in the course of a single year, iff
the first three made insufficient use of pokey.cctld during that time.


I'm going to guess that panix.com is different from most of the multi-k
domains that are dropping off the VGRS registry and into today's (well,
yesterday's) drop pool, as measured by use.

I'm going to guess that panix.com is different from most of the multi-k
inter-registrar transfers of yesterday, today, and tomorrow, by the same
use metric.


IMHO, organizing policy around function, actually distinguishing between
panix.com and the overwhelming majority of domain names for which some
change of state at the registry occurs, is a better principle than to
continue to organize policy around trademarks and their buyers and agents,
indifferent to the frequency and distribution of use of a domain name.

At some point, it really _is_ a name-to-address map, and not a cognate
for a trademark-to-owner map. It is possible to distinguish risk, and
a policy which chooses not to make distinctions isn't prudent.


In case anyone's missed the obvious, we now have an incoherent dns, and
caching resolver operators have introduced the incoherency, and no one
in the operator community is visibly spitting blood at the intentional
exception to rfc2826. This situation should not continue. Neither should
the "new/hijacked" answers be served.

Eric


Re: Association of Trustworthy Roots?

2005-01-16 Thread Eric Brunner-Williams in Portland Maine


It isn't just that the root operators are silent.

On the registrar's list there have been only five items on the subject.

1   Mark Jeftovic (easydns) who is on NANOG, copying the RC list.
2   Ross Rader (tucows) who is not, blowing it off,
    no delta between authoritative and caching servers
3   Mark asking Ross if he's had coffee yet, and
    yes delta between authoritative and caching servers
4   Ross, yes he's had two cups and NANOG is a ton of mindless conjecture
    and pretty silly
5   Mark replies with panix.net's motd and ssl alert

That's it.

On the registry mailing list ... well, I'm not on the registry constituency
mailing list, I haven't been since I left NeuStar and .biz and .us (urk) and
.cn (fun), so I don't know, but my guess is the answer is somewhere near zero.

How about the IPC mailing list ... well, I never could get a group of
indigenous IPR experts admitted to the ICANN IPC, so since the Berlin
meeting I've not been on the IPC list, but again, knowing the actors  as
people, I'm going to buy an integer between -1 and +1.

So, after IPC and Registries and Registrars, where would anyone expect to
find a policy interest in the area, since ISP/C is wicked dead?

Eric


Re: panix.com

2005-01-16 Thread Eric Brunner-Williams in Portland Maine


The outcome I expected when Bruce got involved.

--- Forwarded Message

From: "Bruce Tonkin" <[EMAIL PROTECTED]>
To: "Eric Brunner-Williams in Portland Maine" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by nic-naa.net id 
j0GIZIlC038110

Hello Eric,

Thanks for letting me know.

We will ensure the name is restored to its correct status, and are
investigating how the incident occurred.

Regards,
Bruce Tonkin
 

> -Original Message-
> From: Eric Brunner-Williams in Portland Maine 
> [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, 16 January 2005 10:49 AM
> To: Bruce Tonkin
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: panix.com
> 
> Bruce,
> 
> Steve just sent this note to NANOG.
> 
> panix.com has apparently been hijacked.  It's now associated 
> with a different registrar -- melbourneit instead of dotster 
> -- and a different owner.  Can anyone suggest appropriate 
> people to contact to try to get this straightened out?
> 
> --Prof. Steven M. Bellovin, 
> http://www.cs.columbia.edu/~smb
> 
> I know Steve and you know me, so let's see if this is 
> malfeasance or error.
> 
> Eric
> 


--- End of Forwarded Message



Re: Association of Trustworthy Roots?

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Chris,

CORE was neither the losing nor the gaining registrar. Please acquire
context. 

Eric
IANA-439, and CORE-124


Re: domain hijacking - what do you do to prepared?

2005-01-16 Thread Eric Brunner-Williams in Portland Maine

Gadi,

> The question that comes to mind is - what do you do to be prepared?

Well, for a start you can put a comment into the ICANN comments on
the new xfr policy. I did earlier today. Next, you can, as some today
did, decide that cache trumps authority under some conditions, and
ensure that cache is controlling when some conditions exist.

There are so many structural things wrong with the mechanisms this is
about like asking how to write cat in perl.

> I suppose that other than setting registrar lock in place, there is 
> another thing one can do.

In terms of mechanism, this just undoes the latest change in xfr
policy in the ICANN gTLD market. Instead of opt-in-after-nack-delay
you go back to opt-out-after-nack-delay. It is a rational choice,
but since it is, you (plural) know that your interests were not the
controlling ones when the policy change was debated.

There are edge-case registrants who are benefited by opt-in, but if
most of you (plural) opt-out, then the change in policy that affects
registrants, must either be an error, or benefit some parties other
than the registrants, edge-cases excluded.

Mail comments to [EMAIL PROTECTED] In fact I think I'll
forward this entire set of threads to [EMAIL PROTECTED]


> Study!
> 
> Whether it's checking the expiration date for your domain, establishing 
> contact with your up-in-line authority - registrar, tld, etc. depending 
> on who you are.

Yes ... but ...

OK. There are things anyone managing registry/registrar/reseller accounts
can do, from getting all the renewal dates synchronized and tied to a
date you never forget (warning, spousal birthdays not advised), and if
nothing else comes up for several values of "tomorrow" I might write up.

But ...

Like the guy who was looking for a free solution to all the :43 formats
in all the gin joints in all the world, why do you want to buy retail?
You don't expect routers to autoconfig and suck up bogon filters and
cough out correct aggregations for you just by the application of some
electrons, so why expect to get all the nuances of the ICANN zoo, and
to stay current of registry/registrar/reseller best and worst practice?

Eric
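
A baseline check of the kind this message points at (registrar of record, name servers, lock status, renewal date), as an added example that is not part of the original post. The whois-style records are constructed, with placeholder registrar and host names, and the field layout, status tokens and function names are assumptions.

```python
from datetime import date

# Constructed sample records (not real registry output). The domain,
# registrar names, name servers and dates are placeholders.
BASELINE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: REGISTRAR-A, INC.
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   Status: REGISTRAR-LOCK
   Expiration Date: 2006-03-01
"""

OBSERVED_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: REGISTRAR-B PTY LTD
   Name Server: NS1.ELSEWHERE.EXAMPLE
   Name Server: NS2.ELSEWHERE.EXAMPLE
   Status: ACTIVE
   Expiration Date: 2006-03-01
"""

# Status tokens treated as "transfer locked" (assumed set: the RRP-era
# token and its EPP counterpart).
LOCK_STATUSES = {"registrar-lock", "clienttransferprohibited"}


def parse_whois(text):
    """Parse 'Key: value' whois lines into the fields worth baselining."""
    rec = {"registrar": None, "name_servers": set(),
           "statuses": set(), "expires": None}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            rec["registrar"] = value.upper()
        elif key == "name server":
            rec["name_servers"].add(value.lower().rstrip("."))
        elif key == "status":
            # Some servers append a URL after the status token; keep the token.
            rec["statuses"].add(value.split()[0].lower())
        elif key == "expiration date":
            rec["expires"] = date.fromisoformat(value)
    return rec


def diff_registration(baseline, observed, today, expiry_warn_days=60):
    """Return (code, detail) findings where observed state departs from baseline."""
    findings = []
    if observed["registrar"] != baseline["registrar"]:
        findings.append(("registrar-changed",
                         f"{baseline['registrar']} -> {observed['registrar']}"))
    if observed["name_servers"] != baseline["name_servers"]:
        added = sorted(observed["name_servers"] - baseline["name_servers"])
        gone = sorted(baseline["name_servers"] - observed["name_servers"])
        findings.append(("nameservers-changed", f"added={added} removed={gone}"))
    if not observed["statuses"] & LOCK_STATUSES:
        findings.append(("transfer-lock-absent",
                         f"statuses={sorted(observed['statuses'])}"))
    if observed["expires"] is None:
        findings.append(("expiry-unknown", "no expiration date in record"))
    elif (observed["expires"] - today).days <= expiry_warn_days:
        findings.append(("expiry-soon", f"expires {observed['expires']}"))
    return findings


if __name__ == "__main__":
    base = parse_whois(BASELINE_WHOIS)
    seen = parse_whois(OBSERVED_WHOIS)
    for code, detail in diff_registration(base, seen, date(2005, 1, 16)):
        print(f"{code}: {detail}")
```
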


Re: Root vs TLD (was Re: Association of Trustworthy Roots?)

2005-01-17 Thread Eric Brunner-Williams in Portland Maine

> You may or may not think Verisign as registry is blameless / disreputable
> and to blame for this incident.

There is causation for incoherence between the authoritative and 
non-authoritative nameservers for a particular data set.

> You may or may not think the gaining/losing registrars are blameless /
> disreputable for this incident.

There is causation for provisioning state change triggers to the database
used to construct a particular data set published by the authoritative
nameservers for that particular data set.

> You may or may not think that ICANN gTLD policy is blameless / disreputable
> for this incident.

There is causation for policy and mechanism that is articulated in end-to-end
transactions between registrants, intermediate entities, and registries.

These are not mutually exclusive. Blame and repute are secondary to the
correct reconstructions of causations.

Eric


Re: netblazer Was: baiting

2005-01-17 Thread Eric Brunner-Williams in Portland Maine

> (And I was serious, not sarcastic, about the 'blazer. YMMV,)

Martin,

That's OK, I never got work for a router vendor after that, a solution
that I've now completely generalized, having discovered a trivial but
obscure and beautiful technique, as any good mathematician must.

However, since I was most of the QA for the NetBlazer, and whiled away my
paid hours with making tcl/tk scripts to irritate units under test, which
was somewhat novel in 1991, silly stuff like bringing up and tearing down
a connection all night long to prove the existence of a memory leak, and
networks to prove the function of rip, I'm curious what part of the
NetBlazer was a piece of shit?

In this period of time, the White Knights built the InterOp shownets and
we had comparative access to quite a lot of vendor product, and know that
the red buttons on Wellfleets were correctly positioned on the front, for
easy access. We used NetBlazers for dial-up outbound (we were topologically
quite diverse by '91, our last show in the San Jose facility) and I don't
recall anything ... resembling the behavior that I could characterize as
POS like function.

Data please, but off-list. Bill will be interested too I expect.

Eric


Re: Standard of Promptness

2005-01-17 Thread Eric Brunner-Williams in Portland Maine

Bill,

> The Registry is the party that must revert the data to the previous
> state.  For the stability of the Internet, it must be done as quickly
> as possible before old correct caches time out.  Therefore, that's
> where the penalties should apply.

Agree. This is a solution to the publication problem, and putting my hat
, I can say that acting in lieu of
a temporarily or permanently defunct registrar is normal, as is mark-up 
by hand of zonefiles, post-production but pre-publication. At  I used to say all the time, "We are the
registrar of last resort, when things go awry, we go acorn or asquash [1]."


> (2) a 4 hour standard of promptness for all Registrars, starting
> from initial notice of any kind.  That gives them enough time to:

Here's where it gets crappy. The gTLDs are in Reston, Reston, Toronto,
Toronto and Reston, Reston and New York. The latter three have little
or no facilities-based names, and are out of scope.

The registrars are in more than 18 timezones, and may be fictional. In
fact, for malfeasance, the bad actors are likely to be resellers, not
registrars, or what Bob Connolley refers to as "phantom registrars".

When we started working EPP the universe of writers (the cred problem)
was 70. Last week's mail from ICANN is that they expect that 60 more
registrars will be accredited within the next 60 days, which is a drop
off from the growth in the number of registrars over the past year.

Turn to http://www.iana.org/assignments/registrar-ids and check it every
so often (does anyone have dated snapshots? I want same, TiA), the integer
identifier is a lot closer to 1k than 1c.

Why non-linear growth in the number of registrars three years after the
bottom dropped out of the market? The drop market. There is speculation
that applications have been prepared in bulk. These are the "phantom
registrars". The bottom has fallen out of the secondary market too.

Independent of the utility or morality of the secondary market, and my
registrar makes pin money in that market, there are hundreds more write
access tokens to the VGRS dbms than there were two, or four years ago.


In the quasi-contractual world of ICANN agreements, which everyone is
ready to wave threateningly at any registrar for lack of due diligence
over what amounts to less than the price of a bottle of Chilean wine,
there is the equal access clause. That clause means that all of the
accredited registrars, including the "phantom registrars", are in your
risk universe. They all have read|write creds, and some have very, very
little technical staffing, or involvement. You wrote off-list during
this mess to someone at a business that offers parties that have gotten
ICANN papers an outsourced operations and hosting solution, "no hands
but marketing". The current chair of the registrar constituency offers
"registrar in a M$ can" solutions to new registrars.

As the saying goes in ICANN registrar and registry policy debates,
ICANN has no business determining business models. The skill and clue
level for a significant set of the registrar universe is difficult
to underestimate.

So, with that sleet on the city workers, every hour of every day a
"phantom registrar" is going "dark" for at least 18 hours, if not
longer, and that assumes that the "phantom registrar" of the hour
keeps "business hours".

With that in mind, would you like to try and restate the temporal
properties of registrar function, where unlike the prior regime, a
registrar could decline to ack a xfr request and become a losing
registrar, a gaining registrar can now decline to ack a post-xfr
request to re-instate, for 18 hours plus weekends and holidays.

In passing, it is possible that for the "phantom registrar" class
of business models, the penalty of de-accreditation is overstated.

Eric

[1] It's an Indian joke. There were two of us. That's wicked rare
in the network rackets. We told jokes.


Re: Registrar and registry backend processes.

2005-01-18 Thread Eric Brunner-Williams in Portland Maine


> For what it is worth, some consider the .de whois server broken; see
> below. Let's note that the new RFC (3912) doesn't mention the "help
> methodology" anymore.


In the high stakes game of registry redelegation, with .org as a data point
and the new gTLD competition (winners: [info,biz,name,pro]) as another, the
difference of function of what answers on :43 isn't, IMO, a liability.
It is both trivial to fix, and defensible (EU Data Protection Framework),
and not in the criteria set that appears to be key in the selection of bids.

The criteria for selection of the next .net delegation operator is likely,
in my limited experience, to turn on issues that have little to do with a
bidder's actual ability to operate the .net registry.

Aside: In January 2002 I wrote Request to Move RFC 954 to Historic Status,
published as draft-brunner-rfc954-historic-00.txt. Two years later, Leslie
Daigle wrote a different draft which is now rfc3912.

Aside: A ccTLD operator submitted a bid for .org.
The "technical evaluator" retained by ICANN ranked the bids submitted by
existing gTLD operators other than VGRS as (1) info, (2) biz, (3) pro.
I was surprised by the presence of (2) and (3) on the list, and by the
absence of two bids from that list.

If you want to look for a real criterion, you might want to ask "How long
after the transfer will the new operator receive any monies for the set
of registrations contained in the registry at the moment of transfer?"

Eric


Re: Gtld transfer process

2005-01-18 Thread Eric Brunner-Williams in Portland Maine

> There seems to be a general lack of IETF design and review of protocols
> in this crucial area. 

The IETF does not design and review proprietary protocols. VGRS published
the RRP specifications.

I'm always interested in EPP technical minutia.

Eric


Re: netblazer Was: baiting

2005-01-18 Thread Eric Brunner-Williams in Portland Maine

> My recollection of that show was "T-1 to BARRnet", not
> bonded-Netblazer-dialout, but I didn't "work the show" until the
> following spring, so my recollection could be at fault.

Hey Robert,

Correct, but we stuck in the NB because the functional principle (demand
dial and route) was distinct. The T-1 to BARNet was the fastpath (but
providing it didn't entitle the provider to one of my tee shirts).

Fun. Before the greedbots went non-linear on the rising edge of the bubble.

Eric


Re: Terminal Servers (was Re: netblazer Was: baiting)

2005-01-18 Thread Eric Brunner-Williams in Portland Maine

> Netblazers were fine except the Telebit lied about the SYN35 card
> being usable with a T-1.

uh, the test lab used T-0 (56kb) for the syn interface, so integers
greater than 0 would be ... creative on someone's part, and TB mktg
could be just as creative as the rest of the XX mktg golf pros.


Re: Association of Trustworthy Roots?

2005-01-18 Thread Eric Brunner-Williams in Portland Maine

Paul,

I meant to refer to the registry operator who operates the constellation of
nameservers for the .com zone, and wrote something else. I'm going to press
my red ears (both) to the copious available ice.

Eric


EPP minutia (was: Re: Gtld transfer process)

2005-01-18 Thread Eric Brunner-Williams in Portland Maine

Bruce,

> I am interested to hear what members of the NANOG list believe would be
> a better transfers process.



Non-functional changes of operationally significant configuration data
is avoided. My thumbs are as thick as the next person's.

I'm quite happy to buy a decade's worth of name, even at $35/name/year,
because other than changes to NS records, as renumberings come and go,
and machines spontaneously combust, I don't want change.

When I need change, I plan it, just like renumbering or new circuits
or new network elements or new staff.

The notion of "REGISTRAR LOCK" is simply too weak, it can be flipped in
minutes. I want something that presents only limited windows of state
change (other than NS) opportunity, which I can synchronize to corporate
standard paperwork flag days, so it isn't when I hand the keys to the
shop to a junior and take the kids on holiday.

I want a "transfer process" that is inherently difficult, if not
broken, for domain names that are business assets. I don't care about
"competition" between registrars, or how much I get soaked for by the
registrar and registry, or how evil and/or retarded one or both are.

I actually don't care about how quickly domain names are added to a
tld zone, in fact, my domain names that are business assets worked
just fine when names were published 3 times a week from the SRI NIC.  


So, I want a "transfers process" that is not indifferent to my use
of domain names. I don't care what the domain name industry does with
vanity names, trademark names, speculation names, porn names, spam
names, even ebusiness names that aren't in the ISP/NSP food chain.

Heck, I'd be happy to pay two registrars $35/name/yr to make sure they
both have to be gamed before my domain names tied to operational assets
become vulnerable to unplanned and state change in the registry (3rd
party acquisition). [I actually do this, with some names with one good
competitor-registrar, and some self-registrared, but to spread risk.]





I do have hosting customers who more or less come and go synchronous
with registrar transfer. In effect, these are month-to-month or year
contracts, and I understand why new customers are wary of hosting
providers who want to be in the control path for registry state
change.

But the "bread and butter" are multi-year hosting contracts, and for
these customers registrar they want to be in the same small boat I
want to be in.



I hope that is helpful. I'm sure everybody else is wicked happy with
the system they have, which is why everyone has the same system.

Cheers,
Eric


Re: EPP minutia (was: Re: Gtld transfer process)

2005-01-18 Thread Eric Brunner-Williams in Portland Maine

Sorry about the subject line. I switched horses in mid-stream.


Re: EPP minutia (was: Re: Gtld transfer process)

2005-01-19 Thread Eric Brunner-Williams in Portland Maine

> The problem that got us here was that registrars have
> historically been not flexible enough at releasing
> domains when the owners *did* want to transfer them.

George,

The point I tried to make in my prior note was that not all domains have
the same temporal property of non-functional change. The "problem" that
you refer to exists for some domain owners. Bruce asked for the comments
of the subscribers to this list, on the current ICANN transfer process.

Since ISP/NSP/... change registrars (cosmetic non-functional change for
a cost savings of $0.10/day, maximum) almost never, it is wicked unlikely
that the authors of the current ICANN transfer process ever thought about
network infrastructure operators as affected or interested parties to any
policy change.

"We" didn't have "the problem", historical or otherwise. With the exception
of operators whose business value is organized around resolution in under 3
days for new customers, not ongoing resolution after the 3rd day, or whose
business value is now organized or re-organized around resolution in under 2
hours with the new dynamic update property of several registries, and not
ongoing resolution, "we" have been pretty much problem free in the registrar
and registry space since Jake Feinler and Jose Garcia-Luna ran the SRI NIC.

If webhosting outfits want to bundle registrar-reseller into their package
forcing registrar transition with renumbering, fine. But they are further
down the food chain.

If the registrars want to directly slam the end-users, that's fine too. 

But short-term 1U renters and vhost operators and registrants aren't the
NANOG list, and that's what Bruce asked, cosmetically or otherwise, for
input from.

An unintended side-effect of "competition" between registrars is that the
named network infrastructure is someone's target of opportunity.

In his reply to my note, Bruce points out that the system works for all.

There are two classes of domain names already. Registry reserved and not.
Adding a record to the database, or a lookup in addition to the existing
access, to implement a third class, could get the domain names associated
with critical network infrastructure out of the risk pool for whatever the
transfer model du jour is for registrar competition, and make "rollback"
for this class technically distinguishable, therefore policy differentiated,
from the general zoo.

Why don't you collect the results of a survey of access ISPs and above
who change their own domain names registrars more than once every five
years and show me that NANOG is equivalent to [EMAIL PROTECTED]

Cheers,
Eric


Re: Regarding registrar LOCK for panix.com

2005-01-19 Thread Eric Brunner-Williams in Portland Maine

Oki all,

I wasn't going to discuss this because it is potentially confusing,
but as we're ratholing on registrar lock ...

---

Some 60 plus days after a party acquired a domain, s/he initiated an
"UNLOCK" at the user interface of the operator that had arranged to
acquire this particular domain. The transaction completed.

The "losing" registrar showed "unlocked", the "gaining" registrar
saw the "unlocked" and proceeded with a transfer, which failed.

The rrp.unlock() call actually never was made from the registrar
to the registry, due to a transient network event between the operator
network, and the "losing" registrar network.

The point is that locks aren't what they seem. This is a distributed
system with many points of failure, not completely coherent, and it
does matter from where one looks. Shorter form: error is possible.

---

The registrant asked me to help. I called the operator. The CSR who
took the call observed the inconsistency and re-issued the rrp.unlock().

Domain unlocked by jrandom-3rd-party in under two minutes. Granted, it
was in an unusual state and the caller (me) knew more than the nice CSR.

---

Posit a backhoe of unusual size operating near MIT, or that MIT does
business out of Sri Lanka and the State of Nagaland has just dragged
anchor across the SEA-ME-WE-III (again), or any of a dozen other real
life events. 

We'd be chatting about the state in the central registry, not the
failure to trigger a state change at the periphery of the system.

---

It is possible to run a domain name based network service off of addresses
provisioned by dhcp. It is possible to acquire a contiguous block, and to
hold them for quite a long time. But that doesn't mean that it is sensible
to build a network infrastructure for dynamically provisioned resources.

The transformation of the dns service from 1990 to the present has created
dynamic provisioned name resources -- the property absent in 1990, the
"competitive" registrar, is dynamic, and hence so is everything else.

I picked 1990 because Panix is 15 years old.

I think the fundamental issue is that things that ought to be wicked
stable, are in fact not.

Everyone is free to draw their own conclusions, and act as they see
fit, it's all just risk management anyway, but if the design respected
this user community, we wouldn't be reading that the correct competitive
registrar can manage the risk.

---

This is my last note on the subject.

Eric


Re: Phishing Name Server?

2005-02-15 Thread Eric Brunner-Williams in Portland Maine

Howdy Paul,

rgid:id:domain
ENOM:048:SAFE-KEYNET.com
YESN:100:CITIFINANCUPDATE.com
YESN:100:WAMU4U.com
YESN:100:WAMUCORP

From prior experience I don't see anything novel. Yup. Real domains, and
possibly real certs.

From my last go around with Vint, if I were of a mind
to, I could sell bulk to even poor sniff-text buyers, cause I don't know
in advance they actually do smell poorly, and my RRA doesn't really make
that revenue enhancement a risk to my accreditation. No. I don't have a
mind to.

I wrote a longer piece on a related list recently, but I don't see much
in the way of effective recourse that isn't leased-host-in-cage-seizure
with the intangibles trivially rehosted.

Cheers,
Eric


Re: Iraqi TLD

2005-02-23 Thread Eric Brunner-Williams in Portland Maine

Oki all,

I suppose I should update what I have up at {nic,noc}-iq.nic-naa.net.

At the Rome meeting I spoke (open mic) to the ICANN BOD about the issue.
That was a year ago.

A week before the Asian Tsunami David Cuthbertson wrote to me and asked
about the delegation. He works for Adam Smith International out of the
British Embassy, Baghdad and his client was the "Iraqi government" created
by US/UK military. The quotation marks and the "created by ..." is my
commentary, not his.

I gave him my understanding of the situation and my advice freely, knowing
that he and/or his client wouldn't take the core nugget -- talk to the
current delegee and find a way to arrange either restarted operations (as
simple as a NS change request) or a consensual change of delegation. 

Shortly after the Asian Tsunami I faxed Vint Cerf a letter on the status
of .iq and reviewed the arguments that could be brought by a party seeking
a non-consensual change of delegation. Naturally, IANAL, but then again,
what lawyer knows anything about this rather arcane area of policy? Vint
was in India at the time and I was more interested in aid getting to the
tribal people in the Andaman and Nicobar Islands than .iq, which has been
on hold for two years already, and the Indian military were keeping any of
the medical aid, or aid workers, from MSF or Oxfam, from getting to the
tribal areas.

There was an exchange of notes on .iq, mostly of my views on the danger to
the system of internet governance and my views on the export rule infraction,
and a suggestion.

I haven't heard anything since.

I suppose everyone on the *NOG lists understands that .iq could be a very
bushy tree, with leaf nodes that resolve to live machines containing data
germane to the leaf-node-name, not necessarily "in" Iraq, and with one or
more levels of subdelegation, for schools, hospitals, and so on, reflecting
the academic and civil society, as well as several transitional governments,
refugees, NGOs, International Treaty Organizations, and interested foreign
governments and businesses. The "no power, no wires, therefore no dns" kind
of nonsense doesn't need refuting here.

Eric


Re: Iraqi TLD

2005-02-23 Thread Eric Brunner-Williams in Portland Maine

> And infocom was shutdown by the feds for terrorism reasons.

The DOJ advanced three claims: an INS claim, an exports rule infraction
claim, and a charity-linked-to-Hamas (a/k/a "terrorism") claim. The 1st
was dismissed, the second obtained a precedent-setting conviction and
an unprecedented sentencing as fines are the rule, and the DOJ has not
set a date to try the third claim.

So, yes, former Attorney General John Ashcroft and FBI Director Robert
Mueller and Michael Chertoff, then Director, Terrorist Financing Task
Force, now Secretary of Homeland Security, did personally conduct the
prosecution of Infocom and assert that it was a major terrorist case,
but ... that was back in December 2002, when standards were lower than at
present.

Oblig operational item -- does anyone know of a comparable situation? An
LEO deciding to seize all XYZ Corp properties in SomeState(s), including
all RIR allocations made to XYZ Corp, whether for its internal use or for
resale, and locking up everyone down to the first-tier line manager level?

Eric


Re: Who is watching the watchers?

2005-02-24 Thread Eric Brunner-Williams in Portland Maine

> > > Former chief privacy officer of Gator has been appointed to the Data
> > > Privacy and Integrity Advisory Committee of the Department of Homeland
> > > Security.
> > > 
> > > http://www.salon.com/politics/war_room/2005/02/23/gator/index.html
> 
> as president bush (jr) said on tv in the days following 9/11,
> "america is open for business!"

You don't want to know who is the CPO for DHS. It's FUBAR all the way up.

Eric


Re: .US TLD Owners Lose Privacy

2005-03-04 Thread Eric Brunner-Williams in Portland Maine

Oki all,

For those of you in the Lower-48, plus Alaska and Hawai'i, I sent this to
my local ISP association. You can ignore it, ridicule it, or adapt it to
your state and pretend to have written it. I don't mind either way.

If you do want to try it chez vous, and you want my help (or hindrance,
depending on perspective) drop me a line.

Eric

--- Forwarded Message

Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Fri, 04 Mar 2005 13:05:46 -0500
From: Eric Brunner-Williams in Portland Maine <[EMAIL PROTECTED]>
Subject: [Maineisp] DoC opens .us to spam, forward from WiReD/NANOG,
and some commentary

Folks,

By way of background, this is part of the "whois foodfight" in the policy
area of ICANN and the DNS. The working assumption is that every domain is
either of interest to an intellectual property owner (infringement) or to
a law enforcement officer (pedi-porn), and vastly lower down the rational
food chain that every domain is used in some form of UCE scheme (spam).

These are all deeply problematic assumptions, but that hasn't made any
impression on the actors at ICANN, or the less than best-and-brightest
at the DOC/NTIA which owns .us.

I wrote the proposal for NeuStar to operate .us in 2001, which the DOC/NTIA
selected, so I'm modestly clueful on the operational and policy issues.

What this means here in Maine is that no one can now register domain names
of the form:

"michal-heath-is-a-big-fat-idiot.me.us"
or
"the-monopoly-ilec-blows-chunks.me.us"
or
"workarounds-for-nannyware-pending-constituional-challenge.me.us"

without providing the semblance of a personal (or corporate) identifier,
consisting of a personal (or corporate) name, and contact information, as
well as an email address which is not that of a 3rd-party proxy such as
attorneys and registered agents, which will be accessible to anyone who
wants to "look behind the veil", without restriction.

I can't fix the retardation at ICANN or the DOC/NTIA, but I can ask you
all to think about whether you want the Maine Legis to remain silent on
the sanity of assuming that every domain name registrant is infringing
on a trademark, or a publishing pedophile, or otherwise engaging in some
conduct that necessitates the registrant providing an address for legal
service, their identity, and expose a mail address (your product) to the
address harvesters for resale to spam-based marketing operations (your
problem).

If you haven't passed out already from my boring prose, and you'll do me
the kindness of reading another paragraph, where this is heading is moving
the policy oversight for me.us, that is, the marketing of "Maine" as a
state on the internet from the DoC/NTIA to Maine, and the operations for
me.us from Virginia to Maine.

Then we can use John Baldacci or Steve Rowe, who presumably couldn't be
bothered who thinks Michael Heath is a big fat idiot, or has unflattering
things to write about Verizon or TimeWarner, or discusses breast feeding,
to "proxy" registrations, preserving free political and commercial speech,
until due cause for "lifting the veil" is argued, and at some non-trivial
standard of proof.

Plus we inoculate our local policy makers from a highly contagious case
of bird brain flu on issues like spam, privacy and jurisdiction.

Thanks for your patience, really.
Eric

- --- Forwarded Message


From WiReD:

"The U.S. Commerce Department has ordered companies
that administer internet addresses to stop allowing
customers to register .us domain names anonymously
using proxy services."

"The move does not affect owners of .com and .net
domains. But it means website owners with .us domains
will no longer be able to shield their name and
contact information from public eyes."

http://wired.com/news/privacy/0,1848,66787,00.html?tw=wn_tophead_1

- - - ferg



- --- End of Forwarded Message


--- End of Forwarded Message



Re: Utah considers law to mandate ISP's block "harmful" sites

2005-03-06 Thread Eric Brunner-Williams in Portland Maine

> | If HB260 is approved, it would require that Utah-based companies
> | begin rating their sites for [... cryptofauna].

Oh. So it's just PICS.

If it was P3P I'd be more interested, but as it is (or appears to be at
a very great distance) PICS, yawn.


Re: Utah governor signs Net-porn bill

2005-03-22 Thread Eric Brunner-Williams in Portland Maine

Could someone find out what the actual mandated requirements are? At one
point it sounded a lot like just putting PICS labels on published URLs.


Re: Utah governor signs Net-porn bill

2005-03-22 Thread Eric Brunner-Williams in Portland Maine

thanks steve. i'm distracted. just got bit by red lake.


Re: Utah governor signs Net-porn bill

2005-03-22 Thread Eric Brunner-Williams in Portland Maine

Bill,

I'll be happy to contact the IT and/or policy people at any or all of the
Tribal Governments whose jurisdictions are surrounded by, or proximal to,
those of the state of Utah.

(a) They could use the business, just like anyone else, and (b) they are
not subject to Utah's state law (and before any smarty pants says "PL 280
Utah Code Annotated sections 63-36-9 to 63-36-21, 1991", let me point out
that Utah has not amended its state constitutions and, consequently, their
claims of jurisdiction are subject to legal challenge, and (deep breath),
PL 280 wasn't intended to help missionaries chase foul mouthed apostates
and 1st Amendment exercisers out of Indian Country), and quite attached to
keeping that difference and keeping it visibly.

> NO, see 76-10-1233(1) "A content provider that is domiciled in Utah,
> or generates or hosts content in Utah, "...

Eric


Re: Utah governor signs Net-porn bill

2005-03-23 Thread Eric Brunner-Williams in Portland Maine

Oki all,

Over the holidays I had the opportunity to pick up some pin money experting
for a case involving just this business model and the media ignored sides of
some rather well-known persons who work the church markets in the US.

> > that's EASY: there is hyperconcern for the welfare of
> > children in Utah,
> 
> Finally, someone who recognizes what this bill is
> all about. It merely asks ISPs to provide parents
> with a filtering tool that cannot be overridden by
> their children because the process of filtering takes
> place entirely outside the home.

In the instance of policy and mechanism I reviewed, this was "deinstall AOL
and all others, install , stuff some obscure bits
into hidden files on DOS boxen to prevent replay with a possibly different
permissible policy threshold, and prompt the adult/user/owner/installer for
threshold definition".

Clunky, IMHO, because the step after "mistake" is "reinstall OEM os", but
tastes vary.

> Once Utah ISPs come up with a good way to do this,
> I suspect there will be a market for such services
> elsewhere in the USA as well. 

In the instance of policy and mechanism I reviewed, this was "interpose a
proxy on all http methods, and evaluate some property of some object
according to some rule(s). If permissible (above), forward to the edge,
if not, do something else".

It could have been localized ad insertion, or bandwidth aware content
frobbing, instead of ... what it was.

Is it "easy" as a business proposition? Everything was on the rising side
of the bubble. On the falling side of the bubble even AOL had to work its
numbers.

With "more moralists" dominant in public policy, market plans that replace
public morality policy with private morality policies seem to me to be less
likely to penetrate the "high" morality affinity-based markets than when
"less moralists" dominant in public policy.

To paraphrase my friend Bill, why would the little asshats settle for a
private Idaho or Utah when the big asshats have promised them the whole
enchilada?

Anyway, it was presents for the kiddies and some of the winter's heating
oil, and I now know more about some people than I wanted to.

Eric


Re: Utah governor signs Net-porn bill

2005-03-24 Thread Eric Brunner-Williams in Portland Maine

> 1) unenforcable old blue laws similar to how Native
> Americans need to be escorted by police in
> Massachusetts (i.e. they never got around to fixing
> old bad law, but no one cares anymore)

Actually, Indian towns were governed by Blue Laws up to the second half of
the 20th century. Not every law against snowfall was enforced at all
times, but one shouldn't infer that all laws relating to fallen snow
were moot for all time.


Re: ICANN on the panix.com theft

2005-03-26 Thread Eric Brunner-Williams in Portland Maine

nuance.

> ICANN Blames Melbourne IT for Panix Domain Hijacking

ICANN's current RAA (Registrar Accreditation Agreement) lacks a profound
amount of teeth.

If it had any, that is, if "ICANN Blames " meant
anything, Domain Registry of America's (remember them) registrars (note the
plural) would be on the dock for something. MIT's sins are pretty small in
the grand scheme of things, and they didn't cause the race regime that was
the root cause for PANIX.COM needing defense.

ICANN is dorking the registry contracts for new sTLDs, and has dorked with
the ccTLD contracts, and is now dorking with the registrar contracts. You
all may wonder if ICANN is "bottom up" and these contracts reflect "consensus
policies", if not caring about the DNSO circus for another round is really in
your best interests.

YMMV, as always.
Eric


Telcordia report on ICANN .net RFP Evaluation

2005-03-29 Thread Eric Brunner-Williams in Portland Maine

Oki all,

A summary of the report and a link to the full report can be found at:

http://www.icann.org/announcements/announcement-28mar05.htm

So now you know. VGRS, NS+, AF, ranked 1, 2, 3; DE and CORE ranked 4 & 5.

Eric


Re: The U.N. thinks about tomorrow's cyberspace

2005-03-29 Thread Eric Brunner-Williams in Portland Maine

Paul,

I worked with Houlin Zhao extensively during 2001, and met with him again
at the Rome ICANN meeting. He's a smart guy.

Eric


Re: Disappointment at DENIC over Poor Rating in .net Procedure

2005-03-31 Thread Eric Brunner-Williams in Portland Maine

That's milder than the critique offered by SWITCH in the last round.


Re: Disappointment at DENIC over Poor Rating in .net Procedure

2005-03-31 Thread Eric Brunner-Williams in Portland Maine

> Anyway, DENIC's offer didn't match that of Sentan ...

funny, the first item of work email i read today was this:

the Neulevel SRS is currently down, .biz registrations are
therefore not possible.

We will inform you as soon as the registry is online again.

your metric for "match" may vary.

eric


Re: Telcordia report on ICANN .net RFP Evaluation

2005-04-01 Thread Eric Brunner-Williams in Portland Maine

> >ICANN Opens Public Comment Forum on .NET Evaluators' Report
> >29 March 2005

/dev/null.


Re: Telcordia report on ICANN .net RFP Evaluation

2005-04-01 Thread Eric Brunner-Williams in Portland Maine

> But my recent post was not "against" (or "for", for that matter) 
> Verisign.  I am just disappointed that ICANN did not have the integrity 
> to select a company that is _truly_ independent to judge the 
> applicants.

In the prior round ICANN picked a company doing non-trivial business with
the LNP/NANPA side of applicant NeuStar.

> Would someone from ICANN care to explain their decision process?  I 
> cannot believe they did not know the apparent conflict of interest.

Your turn. You can just make the last flight to Argentina.

Eric


Re: report of .biz outage...

2005-04-04 Thread Eric Brunner-Williams in Portland Maine

Ed,

The occasional connectivity problems with Neulevel of March 31st persist.

Eric


Re: report of .biz outage...

2005-04-04 Thread Eric Brunner-Williams in Portland Maine

It's between the CORE SRS and the NS SRS. Now if your position is
that NS is inerrant, and by assertion, the failure lies somewhere
else, fine. Who cares?


Re: Blog...

2005-04-08 Thread Eric Brunner-Williams in Portland Maine

> and, instead of "polluting" the list with tech news
> snippets, post them to a blog.
...
> Can I get a Hallelujah?!  :-)

not from me. makes as much sense as turning nanog into a web-access only
mail sink. i liked your news items. and sean's. i wouldn't have known to
go look at the iraqi network operator/nic situation if "news" about the
hack on aljazeera/akamai-reneg and so on weren't on-list.

the sacred cow of the moment is the one with domain names splattered
untidily all over the pasture. next week or month or year it could be
something else. jamaica w/o reachable nameservers, or a trunk-cut way
outside of north america by some barge dragging anchor.


fwd: Cobell lawyers ask trust systems be shutdown again (3rd time)

2005-04-14 Thread Eric Brunner-Williams in Portland Maine

Howdy all,

"Because it is indisputable that the 'poor state of network
security' creates an imminent risk of irreparable injury...
plaintiffs request that this court disconnect from the Internet
and shut down each information technology system which houses
or access individual Indian trust data to protect plaintiffs
against further injury to their interests...,"

The perennial fuck't up ness of the US DOI BIA Trust is something that could
be fixed, if the contracting office and/or contractors had competitive clue,
but they don't, and probably won't ever.

Think of it as a finding of fact that depeering is in the best interests of
the putative beneficiaries of the Indian Trust systems.

Eric

--- Forwarded Message

Date: Tue, 12 Apr 2005 11:08:44 -0400 (EDT)
From: Indian Trust ListServ <[EMAIL PROTECTED]>
To: Indian Trust ListServ <[EMAIL PROTECTED]>
Subject: Cobell v. Norton - "Sham" Certification Process Used to Okay
 Defective Computer Systems

WASHINGTON, April 12 -- The Interior Department used "a sham certification
and accreditation process" to operate defective computer systems which house
or access individual Indian Trust accounts, plaintiffs told a federal judge.

Citing the Interior Department's own records, lawyers in the Cobell lawsuit
against Interior Secretary Gale Norton have asked U.S. District Judge Royce
Lamberth to reimpose a temporary restraining order, shutting down all trust
systems.

The temporary restraining order and a preliminary injunction against the
department are essential to protect 500,000 trust account beneficiaries from
further irreparable harm, the petition notes.

"Because it is indisputable that the 'poor state of network security'
creates an imminent risk of irreparable injury...plaintiffs request that this
court disconnect from the Internet and shut down each information technology
system which houses or access individual Indian trust data to protect
plaintiffs against further injury to their interests...," the petition reads.

It cited a study by the Interior Department's own inspector general who
reported that "given the poor state of network security...and the weak
access controls we encountered on many systems, it is safe to say that we
could have easily compromised the confidentiality, integrity and availability
of the identified Indian Trust data residing on such systems."

Judge Lamberth has twice directed cutoffs of Interior's computer systems
to protect trust data.  But each time the department has reopened those
systems, contending that they were safe from computer hackers.

The new filing by the Cobell lawyers reports that Interior's chief
information officer, Hord Tipton, has said in a deposition that Interior
officials did not even consider the risk to Indian trust data when they
reviewed the systems.

Additional details of how the department reconnected its computers using
the sham accreditation process are available in the filing for the temporary
restraining order at www.indiantrust.com.


--- End of Forwarded Message



Re: Memory leak cause of Comcast DNS problems

2005-04-18 Thread Eric Brunner-Williams in Portland Maine

A friend in St. Paul left me a comment:

Irritated Comcast customer from St. Paul here. I'm just glad I
didn't wait until Friday to e-file my taxes.

Eric


Re: ICANN needs you!

2005-04-29 Thread Eric Brunner-Williams in Portland Maine

Rodney,

Can you compare the past out-reach exercises and the present one?
You know, process and outcomes.

I'm thinking of the process and outcome of the MITF exercise of 2002/3.

It is now seven years since the issue of appropriation of tribal names
was brought to the attention of the ICANN BoD in an ICANN VI-B(3)(b)(7)
Constituency Application. The situation remains unchanged. On a personal
note, I still recall then-CEO Michael Roberts telling me to just take what
the IPC offered (nothing), as the ICANN bus was leaving the station.

It is now six years since the issue of code point allocation by the iso3166 
maintenance agency and indigenous governments was brought to the attention
of the ICANN BoD in WG-C (draft-icann-dnso-wgc-naa-01.txt). The situation
remains unchanged.

The model of an sTLD was adopted, but sex.pro was not what we'd in mind.

Had Jon not died, we might have had a solution along the lines of x.121
(and now ASO RIRs) regional DSO registries, or a .ps-like work-around.

We're going on the third year of .iq being dark, with no trust operator, and
no contact initiated by ICANN with the Sponsoring Organization, still in
a US pokey for an exports infraction (they freighted a PC to Malta, which
the forwarding agent then sent to Libya, and may have freighted a PC to
Syria, about an hour's drive from Beirut). From Louis to the BoD @ Rome
to Vint and Paul over the winter holidays, ICANN has been aware and the
situation remains unchanged.

The .ORG evaluation was ridiculous. The evaluator was not independent
or possess subject matter expertise.

The .NET evaluation was ridiculous. The evaluator ... ditto.

The control of the DSO et seq by the IPC ("whois") is ridiculous.

The vanishing of the ISP Constituency (self-inflicted, but rational in
the context, see the prior item) is ridiculous.

When I look at my years of non-accomplishment, and ICANN's years of little
accomplishment, I don't see a lot a rational person could take a lot of
pride in, or want to be associated with. Your mileage may vary.

You are correct that "[t]he archives of NANOG are riddled with complaints
and comments about the lack of competent representation and influence for
the networking community within ... ICANN."

An alternative to asking for a new crop of possibly decorative worker bee
candidates to self- or other-identify for a possibly decorative nomination
and selection process is to identify one or more of those existing "complaints
and comments" and attempt to act upon it or them.

Beauty pageants and member pageout events aren't the same as working a task
to a scheduled completion.

Cheers,
Eric

P.S. If discussion of the latest ICANN process event does not belong on
NANOG, does its announcement?


Re: FCC To Require 911 for VoIP

2005-05-01 Thread Eric Brunner-Williams in Portland Maine

>are you -REALLY- arguing for the return of "finger" ??

If it gets the user a brown fizzy drink ... it can't be a completely bad idea.


ot: gilat (spaceband, starband, deterministic) contacts

2005-05-08 Thread Eric Brunner-Williams in Portland Maine

howdy,

if anyone from gilat (or its northamerican downstreams) is on-list,
i'd appreciate a contact.

tia,
eric


Re: Underscores in host names

2005-05-19 Thread Eric Brunner-Williams in Portland Maine

> Supporting "IDN" is a necessary job.  That's been made clear to the 
> Internet community.  If it "complicates" things, well, then that's 
> what has to be done.  If the Internet is to be global, it can't 
> restrict the world to just a few convenient languages.

Not to quibble unnecessarily, but the folks I came to the dance with at
IETF-50, eventually went home fairly disappointed after -51, and -52, with
none of their proposed mechanisms drafts having obtained even working group
draft status.

You know what the constraints are -- no zone local semantics (e.g., case
folding rules, courtesy H.A.) for a glyph repertoire that in some ranges
is also a character set, no intermediate tables, no flag day(s) for apps,
and so on.

To describe that as "IDN", rather than "a way to represent, poorly for
some, not so poorly for others, character sets other than ASCII in apps",
leaves the later reader ignorant of the baroque design choices available
and discarded on the road to RACE II.

In Abenaki, "w", "ou" and "8" all collate to the same code point, and the
representation of the code point is application specific (modern, early,
and 17thrCa styles).

Eric

P.S. 17th century French lacked a "w" character, "8" is a "u" atop an "o".


Re: Stanford Hack Exposes 10,000

2005-05-26 Thread Eric Brunner-Williams in Portland Maine

Howdy all,

Somewhere in this thread there is the issue of description of data
collection practices, and for those mammals who care (see "Ice Age"
with someone under 10 if you need help decoding that), you can do
the following:

Review the latest working draft (4 January 2005) of the P3P Spec
http://www.w3.org/TR/2005/WD-P3P11-20050104/Overview.html and send 
issues to [EMAIL PROTECTED] and/or post to Bugzilla 
http://www.w3.org/Bugs/Public/

The activity you'll be assisting is getting P3P 1.1 to (W3C) last call.

Like all IMF work, it's unpaid, and in the event of capture, the Secretary
will disavow ...

Eric


Re: Paul Wilson and Geoff Huston of APNIC on IP address allocation ITU v/s ICANN etc

2005-05-27 Thread Eric Brunner-Williams in Portland Maine

as i've mentioned previously, when proposing a work-around for the mess
that a blind use of iso3166 causes for territorial jurisdictions, jon and
i were talking about using x.121 _in_theory_ to aggregate what i knew then
(and i know still are) technically weak and policy incomplete states in
the americas, and africa.

we were talking about nics, not nocs, but at that point in time (and now),
for some territorial jurisdictions, the distinction is artificial, a 1st
worldism.

http://www.gtld-mou.org/gtld-discuss/mail-archive/04468.html

definitely not that any of this will change the minds of any of the usual
cast of morons at the icann smorgy.

i don't have my correspondence with jon, some of it was simply chatting
at an ietf.

eric


3rd and 4th place horses swap positions

2005-05-30 Thread Eric Brunner-Williams in Portland Maine

Apparently DENIC is more qualified than Afilias to not run the .net
registry.

http://www.icann.org/tlds/dotnet-reassignment/net-rfp-finalreport-issue4-27may05.pdf



Fwd: ICANN Board Designates VeriSign ...

2005-06-09 Thread Eric Brunner-Williams in Portland Maine


ICANN's announcement is at:
http://www.icann.org/announcements/announcement-08jun05.htm

See also:
http://icann.org/tlds/dotnet-reassignment/net-rfp-process-summary-08jun05.pdf

And so much for that.
Eric


Re: ICANN, VeriSign Will Consider Changes on .net Agreement

2005-07-14 Thread Eric Brunner-Williams in Portland Maine

FWIW, we did a "Major Protest" at the Rome meeting about Sitefinder and it
took Vint months to come to the conclusion that it (interposition on the
lookup error semantics) was not just a business decision.

I don't know if it is the repeated "ICANN can't be trusted / is corrupt"
messaging, or the sensitivity of the .NET "rebid" (aka VGRS deregulation)
that got the prompt action -- by VGRS, not the ICANN BoD, but it is more
likely the latter (YMMV), so it isn't a sign in itself that ICANN has any
more clue today than yesterday.

Eric


Re: ICANN, VeriSign Will Consider Changes on .net Agreement

2005-07-17 Thread Eric Brunner-Williams in Portland Maine

> >I don't know if it is the repeated "ICANN can't be trusted / is corrupt"
> >messaging, or the sensitivity of the .NET "rebid" (aka VGRS deregulation)
> >that got the prompt action --
> 
> It's more that ICANN has figured out that registrars are where all
> their revenue comes from, and if they dragged their feet signing
> contracts or paying, ICANN has precious little leverage over them.





That wasn't our reading of the balance of forces (contractual and share)
as recent as the last budget go-around.

YMLV.



Vint's sent a note to the Registrar Constituency Chair in reply to the note
from the 30 RC members present at the Luxembourg meeting.

Eric


j19n (was: Re: Turkey has switched Root-Servers)

2005-09-27 Thread Eric Brunner-Williams in Portland Maine

wearing my worked-on-p3p-for-years hat, jurisdiction matters.

how this translates into operational issues is:
whois nonsense
sld namespaces
deresolution (upon local rule) process
pricing and non-cash predicate and post-conditions
moronic (or not) primary geolocs
encodings and equivalencies (actually an interesting issue, the ietf
notwithstanding)
safe harbor and data protection scope and semantics

enjoy,
eric


Re: Mail with no purpose?

2004-04-01 Thread Eric Brunner-Williams in Portland Maine

To pick on one bulk political mailer, Kintera.Org, mail from

[EMAIL PROTECTED]

contains a tracking gif, a 1x1, within the html portion of a multipart MIME
payload. Voila:

http://www.kintera.org/omt/70069677.gif'>

Yes I've kvetched to the Kucinich campaign that putting tracking gifs in
political marketing is dumb, but to no avail. Of course the html contains
more URLs than just the one into Kintera's mail delivery and click-through
tracking playpen.

Wrong community I know (ASRG is over there) but something like DCC that
catches the "twinkle" of a spam's URL payload by nsen niggles me.

Eric



Re: VeriSign's rapid DNS updates in .com/.net

2004-07-22 Thread Eric Brunner-Williams in Portland Maine

> the primary beneficiaries of this
> new functionality are spammers and other malfeasants,

I think this is a true statement. I think it is important to keep in
mind that registry operators "compete" for TLD franchises, and where
those "competitions" occur, this statement is not believed to be true.

Eric


Re: VeriSign's rapid DNS updates in .com/.net

2004-07-22 Thread Eric Brunner-Williams in Portland Maine

Mark,

I've been looking at spam in blogs, that is paxil et al domain names that
are POSTed into blogs as comments.

An example (from http://wampum.wabanaki.net/archives/000794.html, a post
on this very subject) follows this reply to you.

Some number of URLs are presented to engines that index this blog, and
as long as the data generated from those indexings (rankings) has value,
or the GET captured pages are cached by the indexing engines, value is
transferred from the host blog to the producers of ratings, or the producers
of means to obtain an increase in ratings, or the rated domain name.

One example I used earlier was a domain name owned by a major pharmaceutical
company, and inserted in as many blogs as I cared to look at.

For want of a better term, I feel like I'm looking at an ad network (zombie
writer population) that performs ad placements (from xdsl puddles in Italy
or elsewhere) for buyers. It isn't banner-ads that are being placed, but a
latent index ranking that will be harvested within some few number of days
after placement.

Here is one viewed from an apache logfile:
customer72-236.mni.ne.jp - - [22/Jul/2004:13:31:53 -0400] "POST /cgi-bin/mt-comments.cgi?entry_id=339 HTTP/1.0" 200 1713

Entry 393 was posted on July 15, 2003, a little over a year ago. The attempted
POST is meant not to be detected by any means other than exhaustive indexing of
some weblog.

I think I'm looking at a click-through model that is defined by a theft of
advertising value, whether banners for eyeballs, or tags for ranking. I'm
getting redundant, but I've got two early readers pulling my fingers off
the keyboard and onto their texts.

As long as the names are either indexed, or resolve, the covert ad works.

Thinking about reducing the persistence of resolution of covert placed
names has caused me to think about spam and agility. For my part, it is,
as you pointed out, conjecture. I'm too busy trying to get my little
registrar business off the deck to perform "studies". But as I look at
the example (below), it seems interesting to think about the resolution
of the names and the delivery of the names (in spam) as potentially a
synchronous event. That's why "instant ad" seems abuse prone to me, and
"instant mod" even more so.

There appear to be 15 URLs embedded in the comment below, which I selected
simply for having "levitra" in it.

As always, YMMV, and yes, I worked for an ad network (Engage/Flycast/CMGI),
and there is no 1x1 tracking gif anywhere in this message.
Eric

--- begin ---
COMMENT:
AUTHOR: http://www.fabuloussextoys.com
EMAIL: [EMAIL PROTECTED]
IP: 81.152.188.36
URL: http://www.fabuloussextoys.com
DATE: 06/08/2004 09:16:22 AM
The actor who plays http://www.888.com Connor in Angel will not bereturning for the 
http://www.mobilesandringtones.com fifth season of Angel. The actor will guest star in 
one http://www.celebtastic.com episode at the start of the http://www.ringtonespy.com 
season. The producers decided not to http://www.levitra-express.com pick up the 
actor's contract http://www.williamhill.co.uk for another season, as the character 
didn't have a http://www.cialis-express.com place to fit into the new story arc. 
Vincent is the second actor to http://www.adultfriendfinder.com leave the show, as 
producers also http://www.unbeatablemobiles.co.uk dropped Charisma Carpenter 
http://www.mobilequicksale.com from the cast. It is widely believed these two 
http://www.unbeatablecellphones.com actors have been dropped to make 
http://www.adultfriendfinder.com way for the two additions to Angel's 
http://www.lookforukhotels.com cast next season. James http://www.dating999.com 
Marsters is to join the cast http://www.adultfriendfinder.com of Angel next season,

--- end ---
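
The two signals this post describes, comment POSTs aimed at long-stale entries and comments dense with URLs, can be pulled out of an access log and a comment body as follows. This is an added example, not code from the original post: the log lines, hostnames and comment text are constructed, and the `window` parameter and the assumption that entry ids increase over time are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common log format, the shape of the line quoted in the post.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$')
COMMENT_RE = re.compile(r'^/cgi-bin/mt-comments\.cgi\?(?:.*&)?entry_id=(\d+)')
URL_RE = re.compile(r'https?://[^\s<>"\']+', re.I)

# Constructed sample log lines (hostnames are placeholders).
SAMPLE_LOG = [
    'dsl-a.example.net - - [22/Jul/2004:13:31:53 -0400] "POST /cgi-bin/mt-comments.cgi?entry_id=339 HTTP/1.0" 200 1713',
    'dsl-a.example.net - - [22/Jul/2004:13:31:58 -0400] "POST /cgi-bin/mt-comments.cgi?entry_id=212 HTTP/1.0" 200 1713',
    'dsl-b.example.net - - [22/Jul/2004:13:32:10 -0400] "POST /cgi-bin/mt-comments.cgi?entry_id=339 HTTP/1.0" 200 1713',
    'reader.example.org - - [22/Jul/2004:13:40:02 -0400] "GET /archives/000794.html HTTP/1.1" 200 20480',
    'reader.example.org - - [22/Jul/2004:13:44:17 -0400] "POST /cgi-bin/mt-comments.cgi?entry_id=794 HTTP/1.1" 200 1650',
]

# Constructed comment body in the style of the quoted spam comment.
SAMPLE_COMMENT = ("The actor http://a.example will not be returning for the "
                  "http://b.example fifth season. The producers http://c.example "
                  "decided not to http://a.example renew.")

def comment_posts(lines):
    """Yield (host, entry_id) for every POST to the comment CGI."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m['method'] != 'POST':
            continue
        c = COMMENT_RE.match(m['path'])
        if c:
            yield m['host'], int(c.group(1))

def post_share(lines):
    """Fraction of all comment POSTs contributed by each client host."""
    counts = Counter(host for host, _ in comment_posts(lines))
    total = sum(counts.values())
    return {host: n / total for host, n in counts.items()} if total else {}

def stale_targets(lines, newest_entry_id, window=20):
    """Count comment POSTs to entries older than the `window` newest ids.

    Assumption: entry ids increase with publication time, so a low id
    means an old entry that human readers rarely comment on.
    """
    cutoff = newest_entry_id - window
    return dict(Counter(e for _, e in comment_posts(lines) if e < cutoff))

def url_stats(body):
    """Return (total URLs, distinct hostnames, URLs per whitespace token)."""
    urls = [u.rstrip('.,;:!?)') for u in URL_RE.findall(body)]
    hosts = {urlsplit(u).hostname for u in urls}
    tokens = body.split()
    ratio = len(urls) / len(tokens) if tokens else 0.0
    return len(urls), len(hosts), ratio

if __name__ == '__main__':
    print(post_share(SAMPLE_LOG))
    print(stale_targets(SAMPLE_LOG, newest_entry_id=794))
    print(url_stats(SAMPLE_COMMENT))
```
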


Re: VeriSign's rapid DNS updates in .com/.net

2004-07-22 Thread Eric Brunner-Williams in Portland Maine

> In other words, Verisign is unhappy that spammers are now registering
> primarily .biz domains and Verisign is no longer getting share
> of their business?

Do you want me to answer that wearing my hired-by-NeuStar-to-write-.biz hat
or my fired-by-NeuStar-for-trying-to-policy-.biz hat?

Or my almost-anybody-but-NSI/VGRS hat?

;-)


Re: VeriSign's rapid DNS updates in .com/.net

2004-07-22 Thread Eric Brunner-Williams in Portland Maine

Richard wrote:
> ... the return path provides ...

This was where I ended up also. As Barry and others have discussed on the
asrg, the write-side is throw-away assets. The "return path" is where the
persistence of the names used is greater and the value to the scheme is
realized.

and Randy wrote:
> all they need to do is register foo.bar
> with delegation to their dns servers, and change a third level
> domain name at will.

Yeah. But that's where registrars and registries can interpose on the
scheme. The static 2LD with a twinkling constellation of 3LDs is still
vulnerable. A run of twinkling 2LDs is harder for registrars and/or
registries to break, cross registries and registrars. There may be
fewer points of failure in the NS-set used for a particular campaign.

Eric


Re: VeriSign's rapid DNS updates in .com/.net

2004-07-23 Thread Eric Brunner-Williams in Portland Maine

I don't want to digress into a spam-l or asrg standard thread, but I do want
to point out the similarity of what I think are ad networks that manage
sets of write-engines (aka "zombies") in the blog-spam (http) problem space
with the canonical abuse-desk/xdsl swamp meta-thread on nanog.

I'm observing rotation of write-side assets (dsl zomb-o-the-moment), and
rotation of ad inventory (variation on viagra/paxil/casino/xxx domains).

This is in response to the comment that begins
> Let's just be clear that not all sites mentioned in spam are profiting
> ...

Which was in reply to a comment that concluded
> Spam doesn't occur in a vacuum.  The other half is the "site(s)" profiting 
> ...

Eric


Re: Reporting the state of an apparatus to a remote computer patented

2004-08-04 Thread Eric Brunner-Williams in Portland Maine

so ... mark lottor's your-machine-room-is-melting thermo+modem circa 1990
is what? prior art?



Re: Oct. NANOG - hotel? At the two month marker now.

2004-08-23 Thread Eric Brunner-Williams in Portland Maine

> ... Reston is Hell, but with better visuals.

I'm not certain of the truth of this comparison, having only half the data
at hand. However, it has to be just about the least interesting place on
the whole Eastern seaboard to travel to.


Re: Verisign vs. ICANN

2004-09-09 Thread Eric Brunner-Williams in Portland Maine

> It would only be useful if those people were also in a position to 
> vigorously defend said patents when (and if) they were infringed.

assign the patents to icann, to the eff, to the registrar constituency ...


Ivan and outages

2004-09-12 Thread Eric Brunner-Williams in Portland Maine

I'm looking for operational status information from Grenada, Jamaica,
Grand Cayman, and Cuba. Anyone with clue drop me a note off-list, I
will post a summary.


cisco source saga

2004-09-20 Thread Eric Brunner-Williams in Portland Maine

This just made reuters:

http://www.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=6281153&section=news


Anyone awake at blogspot (or google)?

2004-10-27 Thread Eric Brunner-Williams in Portland Maine

Oki all,

Anyone know what the story is for this morning's multi-hour unscheduled
down-time for blogspot? Backhoes surround building 5? (oops, showing my
age).

TiA,
Eric


Re: In case you didn't notice: Virtual protest

2003-02-26 Thread Eric Brunner-Williams in Portland Maine

The C-SPAN site may be under significant load. Ari Fleischer got laughed off
the stage today by the WH Press Corps.

Start at an offset of :28 and listen for the phrase "laughed off the stage".



Re: In case you didn't notice: Virtual protest

2003-02-26 Thread Eric Brunner-Williams in Portland Maine

My partner tells me that WH, Senate, and House in-bound voice has had load
above capacity for some of the day. The call volume is in excess of 10^^6.



Re: Iraqi Internet communications still working 3/21/03

2003-03-21 Thread Eric Brunner-Williams in Portland Maine

> And to answer the question, no I don't know why the .IQ top-level domain
> is registered in Richardson Texas, nor do I know why the official state
> provider uses .NET and .COM instead of .iq.

That is who the IANA delegation was made to:

The SO for the .IQ delegation is (as of 13 Oct '02)

Alani Corp.
c/o InfoCom
630 International Parkway
Richardson, Texas 75081
United States

Administrative Contact:
Saud Alani
Alani Corporation
c/o InfoCom
630 International Parkway
Richardson, Texas 75081
United States
Email: [EMAIL PROTECTED]
Voice: +964 1 556 4753
Fax: +1 972 644 8609

Technical Contact:
Bayan Elashi
InfoCom Corporation
630 International Parkway
Suit 100
Richardson, Texas 75081
United States
Email: [EMAIL PROTECTED]
Voice: +1 972 644 5363
Fax: +1 972 644 8609

There is no URL for registration services.

I wrote [EMAIL PROTECTED], [EMAIL PROTECTED] on 06.02.03, asking about
registration (I'm an ICANN accredited registrar, whoop-de-doo, looking
at ccTLDs, but mostly as a co-author of the EPP spec and as an implementor
looking for guinea pigs er field trials).

I've had better luck with the .IR registry. The operator and I both were
at Berkeley, doing maths.

So, the long and the short of "why any provider uses something other than
the .IQ namespace" is -- see [1], effectively a denial of service attack
by the sodding SO and operator -- though it is hyperbole to call slacking
off for months "an attack".

> Since either the Iraqi government or the US government could shutdown the

Aside, the namespace management doesn't require addrs to exist, be allocated,
or even wires, everything could be in London, or Zurich.

Anyway, some good writing has been coming out of Baghdad for several months,
the usual mechanism is dialtone to an external isp, and then, they are as
close to you as I am.

Anyone interested in getting the .IQ registry operational, so it can be
transferred to a _responsible_ sponsoring org with a non-lame operator
after the current moment of scheduled down-time is transited? If so,
drop me a note.

Eric

[1] http://www.icann.org/general/pn-report-11feb00.htm


Re: Iraqi Internet communications still working 3/21/03

2003-03-21 Thread Eric Brunner-Williams in Portland Maine

If you want to check your memory, all you need to do is contact the
leading registries setting up the (new) ccNSO (of ICANN). There was
a liaison from ICANN, I met him at the Montevideo and MdR meetings
in '01.

The short answer is, it is fucked, independent of any flag waving by
anyone. It differs only in detail from the general fucked-ness of
the re-purposed ccTLDs only in the remarkable worthlessness of the
sponsor and operator.

> So you need to write to Saddam to get your .iq registry working, you might want
> to hold that thought a few days..

There really is no barrier to entry, is there? I mean, a complete
moron can subscribe to nanog, and play flamer.

Cheers,
Eric


Re: Iraqi Internet communications still working 3/21/03

2003-03-22 Thread Eric Brunner-Williams in Portland Maine

i'm keeping a page with what little i know
http://nic-iq.nic-naa.net


Gifts for a CTO who has everything ...

2003-03-25 Thread Eric Brunner-Williams in Portland Maine

How does one convey to a CTO who has everything that nmap 10.0.0.0/8 has
side effects?

> Sorry - I didn't expect it to be running for such a long time.  I apologize 
> for any consternation it may have caused.  I ran it because I couldn't get 
> into the system "larceny" that night.  I thought that a map of our network 
> might help me find it.
> 
> After having run the nmap on a smaller subnet, I decided to re-run it on 
> the larger address space to provide documentation about our network.

Seriously. Does life get any better than this?

Eric


Re: aljazeera.net domain owned.

2003-03-27 Thread Eric Brunner-Williams in Portland Maine

according to the nsi retail interface, the contacts are:

jazeera space channel tv station (account holder)
mj alaliaj7476 (administrative contact)

(they are not one of my retail or wholesale customers, and i'm not operational
as a com/net registrar, yet.)

it is simple enough for them to change the .com zone ns records for their SLD.

folks wanting to move the data from nanog to a web page, just send it to me,
i'll add it as an annex to my "what little i know about .iq" page, at
nic-iq.nic-naa.net

eric


Re: aljazeera.net domain owned.

2003-03-27 Thread Eric Brunner-Williams in Portland Maine

Earlier today I logged a disparity between the NSI web whois interface
and the whois commandline interface outputs (http://nic-iq.nic-naa.net,
bottom of page).

I sent mail to two contacts inside Verisign, and at 4:30pm EST, the
hijack appears to be over, at least as far as NS records are concerned.


More Gifts for a CTO who has everything ...

2003-03-29 Thread Eric Brunner-Williams in Portland Maine

This week's puzzle ... What is symmetry?

The mail relay for a defunct ISP with some 20k users has between 100k and 200k
instances of sendmail journaled per day. At any point in time, there are about
1k entries in the host's proctable, 80% are the MTA, and a few connections/sec
to port 25, with default MTA rules for open-relays, blacklists, etc.

The host is an E250, running Solaris 2.6, with historically problematic
roll-your-own-RAID. The load average is nearly zero. iostat and vmstat
show nominal load, only 700 users are actually "getting mail", and with
a multi-day delay observed anecdotally.

...

Asymmetric dns (forward and reverse paths with differing SOAs), plus rate
limiting at the access router for all forward maps, can result in serious
dysfunction.

Fixing the CTO's dns brought the proctable count down to sub-100. For what
it is worth, this is the most horked machine I've ever seen.

I decided not to try and explain this one.




From the post to nanog of the 25th, "Gifts for a CTO who has everything ..."
(nmap 10.0.0.0/8 has side effects)

"Does life get any better than this"

Best humor reply:

Setup peering with a new provider that PROXY ARPs all your
destinations.

Second place (tie): LART the sucker, and the perennial foam bat.

Best psychology reply:

... find a high-intensity clueino source?
But clueinos interact very weakly with that sort of matter...

The CTO's actual reply was "Do we have load that high? Were we being
attacked by some script kiddies??" Very, very weak interaction.

Cheers,
Eric


SpamCop error (was: Re: More Gifts for a CTO who has everything ...)

2003-04-01 Thread Eric Brunner-Williams in Portland Maine

Oki all,

It appears that I closed the door on this too early. Then again, today is
the first of April. Then again, I write about Iraq (not adulatory of any
of the parties and their delights), and technotrivia, like "can .iq be
operated like .tp was (via an ISP in .ie) while occupied?"

Anyhow, SpamCop V1.3.3 is proud to point out that the following item of
mail, sent to this list (nanog), meets its seal of Spam-Proval. I know
cause my ISP (home) asked me "Eric, what's up with this?"

The originating host ran FreeBSD 5.0 and sendmail 8.12.8 when the mail
was sent (.9 now, obviously).


> From the post to nanog of the 25th, "Gifts for a CTO who has everything ..."
> (nmap 10.0.0.0/8 has side effects)
> 
> "Does life get any better than this"
> 
> Best humor reply:
> 
> Setup peering with a new provider that PROXY ARPs all your
> destinations.
> 
> Second place (tie): LART the sucker, and the perennial foam bat.
> 
> Best psychology reply:
> 
> ... find a high-intensity clueino source?
> But clueinos interact very weakly with that sort of matter...
> 
> The CTO's actual reply was "Do we have load that high? Were we being
> attacked by some script kiddies??" Very, very weak interaction.


Would someone with spamcop clue look at the following and drop me a note
of decode?

> [EMAIL PROTECTED] sent
> - - SpamCop V1.3.3 -
> This message is brief for your comfort.  Please follow links for details.
> 
> http://spamcop.net/w3m?i=z193709546z369077d7127270f8cd00e0f3861920f0z
> Email from 216.220.241.233 / Sat, 29 Mar 2003 10:21:31 -0500 (EST)

Am I the only nanog'er so blessed?

My ISP is now happy, so there only remains SpamBlop brain-death, or a
non-gruntled nanog reader using SpamBlop to effect source-quench. 

Cheers,
Eric


Re: Reporting Internet incidents to Homeland Security

2003-04-03 Thread Eric Brunner-Williams in Portland Maine



I've forgotten the date, but there was an "event" that was not an "event",
but which significantly perturbed the ARPAnet of the time. Since I was at
SRI, it was between 1987 and 1990 -- before SRI had an I4 or whatever. I
had a conversation that evening with the duty officer at an agency that had
"where did you put the bomb Mr. Brunner" as its starting point. The net was
the the  couldn't dump  in finite time, though I did mine,
a bunch of MILNET subnets and boxen (e.g., CENTCOM, SOCOM, etc.), and that
was a problem.

The evening ended with a chat with a senior technical member of staff at
 on the distribution of clue. I wrote up on it, and eventually a
quasi-govo-dork contacted me to share his lack-o-clue.

Sometime subsequent, or prior, but also while I was running the same playpen
at SRI, there was the Morris Worm. I wasn't one of the decoders. If memory,
always a feeble thing, serves, I made a call to a senior technical member of
staff at  on the distribution of clue.

Twice the propeller-heads were hours (or days, or weeks, or professional
lives) ahead of the Feds. Anyone for 3-out-of-5? Does ENO matter?

I think CERT came from those calls. I'm probably mistaken. It probably came
from a golden drop of Retsyn. The orange jump suits were early Ghostbuster.

Anyway, the clue-density of the DOJ/HSD isn't enough to get optimistic over,
and the deck-chair exercise the current ship-o-fools is engaged in, while
highly entertaining, and wildly distracting from minor issues like getting
work done, isn't enough to divert paid staff time to feed.

I _did_ notice that when unpopular, "unpatriotic", network operators were
the targets of coordinated and opportunistic criminal acts, that the DOJ
and HSD had other priorities. That's the dns hijacking of Al Jazeera, in
the US (registrars and registry), the ddos on webservers in New Jersey,
and ddos transit through the US to non-US targets.

Wake me up when there's a photo op with Secretary Ridge or some DoJ hitter
with his or her foot on a pile of "patriotic" script-kiddie heads. I'd
like to think that "law" and "net" together means something other than a
game of badminton.

Eric


Re: .mil domain

2003-05-31 Thread Eric Brunner-Williams in Portland Maine

On Fri, 30 May 2003, Randy Bush wrote:

In another context, someone claimed that zone managers should be able
to create zone-specific semantics, for something unique to that context.

Eventually, the received wisdom available to that particular context
was that zone-specific semantics would violate the law of minimum
astonishment, and discussion of zone-specific semantics was barred by
the process available to that context.

Not accepting their difference is different from asserting that they
may not differ.


Re: off-topic, contact needed at mac.com

2003-06-10 Thread Eric Brunner-Williams in Portland Maine


Looking for a human (or even an auto-ACK-mailbot) at any of:
{abuse,hostmaster,[EMAIL PROTECTED],apple}.com
has proven fruitless. If anyone has a pointer I'd appreciate it.

TiA,
Eric

