[council] Fast Flux Hosting

Mike Rodenbaugh mxrodenbaugh at yahoo.com
Thu Apr 10 17:42:43 UTC 2008

I propose the following motion for Council consideration in our next meeting
on April 17th, may I please have a 'second'?
Mike Rodenbaugh
Whereas, "fast flux" DNS changes are increasingly being used to commit crime
and frustrate law enforcement efforts to combat crime, with criminals
rapidly modifying IP addresses and/or nameservers in effort to evade
detection and shutdown of their criminal website;
Whereas, the Security and Stability Advisory Committee has reported on this
trend in its Advisory SAC 025, dated January 2008:
Whereas, the SSAC Advisory describes the technical aspects of fast flux
hosting, explains how DNS is being exploited to abet criminal activities,
discusses current and possible methods of mitigating this activity, and
recommends that appropriate bodies consider policies that would make
practical mitigation methods universally available to all registrants, ISPs,
registrars and registries,
Whereas, the GNSO resolved on March 6, 2008 to request an Issues Report from
ICANN Staff, to consider the SAC Advisory and outline potential next steps
for GNSO policy development designed to mitigate the current ability for
criminals to exploit the NS via "fast flux" IP and/or nameserver changes; 

Whereas, the ICANN Staff has prepared an Issues Report dated March 25, 2008,
25mar08.pdf, recommending that the GNSO sponsor additional fact-finding and
research to develop best practices guidelines concerning fast flux `hosting,
and to provide data to assist policy development and illuminate potential
policy options.;

Whereas, ICANN should consider whether and how it might encourage registry
operators and registrars to take steps that would help to reduce the damage
done by cybercriminals, by curtailing the effectiveness of these fast flux
hosting exploits.
To initiate a Policy Development Process in accord with the ICANN Bylaws, by
forming a Task Force of interested stakeholders and Constituency
representatives, to collaborate broadly with knowledgeable individuals and
organizations, in order to develop potential policy options to curtail the
criminal use of fast flux hosting.

The Task Force initially shall consider the following questions:

..Who benefits from fast flux, and who is harmed?
..Who would benefit from cessation of the practice and who would be harmed?
..How are registry operators involved in fast flux hosting activities?
..How are registrars involved in fast flux hosting activities?
..How are registrants affected by fast flux hosting?
..How are Internet users affected by fast flux hosting?
..What measures could be implemented by registries and registrars to mitigate
the negative effects of fast flux?
..What would be the impact (positive or negative) of establishing
limitations, guidelines, or restrictions on registrants, registrars and/or
registries with respect to practices that enable or facilitate fast flux

The Task Force shall report back to Council within 90 days, with a report
discussing these questions and the range of possible answers developed by
the Task Force members.  The Task Force report also shall outline potential
next steps for Council deliberation.


More information about the council mailing list