At 06:52 23-09-2011, The IESG wrote:
The IESG has received a request from an individual submitter to consider
the following document:
- 'Recommendations for the Remediation of Bots in ISP Networks'
<draft-oreirdan-mody-bot-remediation-16.txt> as an Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2011-10-21. Exceptionally, comments

I suggest publishing this document or else the FCC would have to
reference a work-in-progress.
In Section 1.5:
"DNS Fast Fluxing occurs when a domain is bound in DNS using A records
to multiple IP addresses, each of which has a very short Time To Live
(TTL) value associated with it."
I suggest covering AAAA records as well.
"This means that the domain resolves to varying IP addresses over a
short period of time."
According to that definition and the following:
; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 18.104.22.168
google.com. 300 IN A 22.214.171.124
google.com. 300 IN A 126.96.36.199
google.com. 300 IN A 188.8.131.52
google.com. 300 IN A 184.108.40.206
google.com qualifies as a fast-flux service network.
In Section 4:
'Where legally permissible or otherwise an industry accepted
practice in a particular market region, an ISP may in some manner
"scan" their IP space in order to detect un-patched or otherwise
vulnerable hosts, or to detect the signs of infection.'
The same paragraph acknowledges that this technique would not be
effective due to NAT devices. It would be better if ISPs do not
resort to widespread "scanning".
Section 5.1 discusses email notification. As noted, it creates
a market for social engineering. This common form of notification
should not be encouraged.
In Section 10:
"As noted in Section 8, any sharing of data from the user to the ISP
and/or authorized third parties should be done on an opt-in basis."
I suggest using "with the consent of the user" instead of "opt-in" as
the latter is everything but opt in nowadays.
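
Added example, not part of the original message or of the draft: a literal reading of the Section 1.5 definition quoted above, applied to constructed dig-style answers. The 300-second cut-off for "very short" and all names and addresses are assumptions for illustration; an ordinary load-balanced pool matches, and an AAAA-only name is missed unless AAAA records are included.

```python
import ipaddress

SHORT_TTL = 300  # assumption: the quoted definition gives no number for "very short"

# Constructed dig-style answers using documentation address ranges only.
LOAD_BALANCED = """\
;; ANSWER SECTION:
www.example.com. 300 IN A 192.0.2.10
www.example.com. 300 IN A 192.0.2.11
www.example.com. 300 IN A 192.0.2.12
"""
AAAA_ONLY = """\
flux.example.org. 60 IN AAAA 2001:db8::1
flux.example.org. 60 IN AAAA 2001:db8::2
flux.example.org. 60 IN AAAA 2001:db8::3
"""
SINGLE_HOST = "host.example.net. 86400 IN A 198.51.100.7\n"


def parse_answers(text):
    """Return (name, ttl, rtype, address) for each well-formed A/AAAA line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue  # dig comment, section header or unrelated line
        name, ttl, rclass, rtype, rdata = fields
        if rclass != "IN" or rtype not in ("A", "AAAA") or not ttl.isdigit():
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # rdata is not an IP address
        if (rtype == "A") == (addr.version == 4):  # family must match the type
            records.append((name.lower(), int(ttl), rtype, addr))
    return records


def matches_quoted_definition(text, rtypes=("A",)):
    """Literal test on one name's answers: several address records, each with a short TTL."""
    ttls = [ttl for _, ttl, rtype, _ in parse_answers(text) if rtype in rtypes]
    return len(ttls) > 1 and all(ttl <= SHORT_TTL for ttl in ttls)


if __name__ == "__main__":
    for label, text in (("load-balanced", LOAD_BALANCED), ("AAAA-only", AAAA_ONLY),
                        ("single host", SINGLE_HOST)):
        print(label, matches_quoted_definition(text),
              matches_quoted_definition(text, rtypes=("A", "AAAA")))
```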