ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-oreirdan-mody-bot-remediation-16.txt> (Recommendations for the Remediation of Bots in ISP Networks) to Informational RFC

2011-10-03 05:42:09
from [SM] [Permanent Link] 
At 06:52 23-09-2011, The IESG wrote:


The IESG has received a request from an individual submitter to consider
the following document:
- 'Recommendations for the Remediation of Bots in ISP Networks'
  <draft-oreirdan-mody-bot-remediation-16.txt> as an Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2011-10-21. Exceptionally, comments 
may be
I suggest publishing this document or else the FCC would have to reference a work-in-progress. 

In Section 1.5:

  "DNS Fast Fluxing occurs when a domain is bound in DNS using A records
   to multiple IP addresses, each of which has a very short Time To Live
   (TTL) value associated with it."

I suggest covering AAAA records as well.

  "This means that the domain resolves to varying IP addresses over a
   short period of time."

According to that definition and the following:

  ; QUESTION SECTION:
  ;google.com.                    IN      A

  ;; ANSWER SECTION:
  google.com.             300     IN      A       74.125.224.52
  google.com.             300     IN      A       74.125.224.48
  google.com.             300     IN      A       74.125.224.49
  google.com.             300     IN      A       74.125.224.50
  google.com.             300     IN      A       74.125.224.51

google.com qualifies as a fast-flux service network.

In Section 4:

  'Where legally permissible or otherwise an industry accepted
   practice in a particular market region, an ISP may in some manner
   "scan" their IP space in order to detect un-patched or otherwise
   vulnerable hosts, or to detect the signs of infection.'
The same paragraph acknowledges that this technique would not be effective due to NAT devices. It would be better if ISPs do not resort to wide-spread "scanning".
Section 5.1 discusses about email notification. As noted, it creates a market for social engineering. This common form of notification should not be encouraged. 

In Section 10:

 "As noted in Section 8, any sharing of data from the user to the ISP
  and/or authorized third parties should be done on an opt-in basis."
I suggest using "with the consent of the user" instead of "opt-in" as the latter is everything but opt in nowadays. 

Regards,
-sm

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: Last Call: <draft-oreirdan-mody-bot-remediation-16.txt> (Recommendations for the Remediation of Bots in ISP Networks) to Informational RFC, SM <=
Previous by Date:  RE: GenART LC review of draft-ietf-appsawg-rfc3462bis-01, Murray S. Kucherawy
Next by Date:  Re: Last Call: <draft-jdfalk-maawg-cfblbcp-02.txt> (Complaint Feedback Loop Operational Recommendations) to Informational RFC, SM
Previous by Thread:  GenART LC review of draft-ietf-appsawg-rfc3462bis-01, Roni Even
Next by Thread:  Re: Last Call: <draft-jdfalk-maawg-cfblbcp-02.txt> (Complaint Feedback Loop Operational Recommendations) to Informational RFC, SM
Indexes:  [Date] [Thread] [Top] [All Lists]