[council] Fast Flux Hosting

Mike Rodenbaugh mxrodenbaugh at yahoo.com
Fri Apr 11 00:24:19 UTC 2008


I noted the Staff's recommendation and included it in a 'whereas' clause.
Yet there appears no reason to delay a PDP for factfinding, since a PDP can
begin with that work.  Of course, this is a very time-sensitive issue as
hundreds of phish attacks are launched every week, increasingly many of them
using fast flux techniques. 

I also noted the comments apparently from ICANN Counsel with respect to
scope.  It seems that after this next step, Counsel may wish to give an
opinion as to the outcome up to that date, so that GNSO Council does not
waste time deliberating potential recommendations that are out of its scope.
However, I believe my motion does not raise issues outside the scope of the

The bylaws require us to vote whether to initiate a PDP, within 15 days of
the Issues Report.  Only 1/3 of present Councilors needs to vote in favor of
initiating a PDP after an Issues Report.  

I am curious to hear others' thoughts on my motion, these issues, and any
reasoning as to why we should delay or forego initiation of a PDP, before
deciding whether to accept your friendly amendment.


-----Original Message-----
From: owner-council at gnso.icann.org [mailto:owner-council at gnso.icann.org] On
Behalf Of Tim Ruiz
Sent: Thursday, April 10, 2008 11:42 AM
To: 'Council GNSO'
Subject: RE: [council] Fast Flux Hosting


Why does a PDP need to be initiated to gather the information you
suggest? In fact, the Staff report specifically recommends *that the
GNSO sponsor further fact-finding and research* before considering
whether or not to initiate a formal PDP.

Also, the GC opinion on whether or not this is in scope says that while
*some aspects* are within scope, *the overall question of how to
mitigate the use of fast flux hosting for cybercrime is broader than the
GNSO policy development process.* 
Would you be agreeable to an intended friendly amendment to change the
opening sentenc after RESOLVES to:

*To initiate a Working Group of interested stakeholders and Constituency

Failing that amendment, I believe we would then need a Supermajority in
favor of the motion to initiate a PDP.


-------- Original Message --------
Subject: [council] Fast Flux Hosting
From: "Mike Rodenbaugh" <mxrodenbaugh at yahoo.com>
Date: Thu, April 10, 2008 12:42 pm
To: "'Council GNSO'" <council at gnso.icann.org>


I propose the following motion for Council consideration in our next
on April 17th, may I please have a 'second'?

Mike Rodenbaugh

Whereas, "fast flux" DNS changes are increasingly being used to commit
and frustrate law enforcement efforts to combat crime, with criminals
rapidly modifying IP addresses and/or nameservers in effort to evade
detection and shutdown of their criminal website;

Whereas, the Security and Stability Advisory Committee has reported on
trend in its Advisory SAC 025, dated January 2008:

Whereas, the SSAC Advisory describes the technical aspects of fast flux
hosting, explains how DNS is being exploited to abet criminal
discusses current and possible methods of mitigating this activity, and
recommends that appropriate bodies consider policies that would make
practical mitigation methods universally available to all registrants,
registrars and registries,

Whereas, the GNSO resolved on March 6, 2008 to request an Issues Report
ICANN Staff, to consider the SAC Advisory and outline potential next
for GNSO policy development designed to mitigate the current ability for
criminals to exploit the NS via "fast flux" IP and/or nameserver

Whereas, the ICANN Staff has prepared an Issues Report dated March 25,
25mar08.pdf, recommending that the GNSO sponsor additional fact-finding
research to develop best practices guidelines concerning fast flux
and to provide data to assist policy development and illuminate
policy options.;

Whereas, ICANN should consider whether and how it might encourage
operators and registrars to take steps that would help to reduce the
done by cybercriminals, by curtailing the effectiveness of these fast
hosting exploits.


To initiate a Policy Development Process in accord with the ICANN
Bylaws, by
forming a Task Force of interested stakeholders and Constituency
representatives, to collaborate broadly with knowledgeable individuals
organizations, in order to develop potential policy options to curtail
criminal use of fast flux hosting.

The Task Force initially shall consider the following questions:

..Who benefits from fast flux, and who is harmed?
..Who would benefit from cessation of the practice and who would be
..How are registry operators involved in fast flux hosting activities?
..How are registrars involved in fast flux hosting activities?
..How are registrants affected by fast flux hosting?
..How are Internet users affected by fast flux hosting?
..What measures could be implemented by registries and registrars to
the negative effects of fast flux?
..What would be the impact (positive or negative) of establishing
limitations, guidelines, or restrictions on registrants, registrars
registries with respect to practices that enable or facilitate fast flux

The Task Force shall report back to Council within 90 days, with a
discussing these questions and the range of possible answers developed
the Task Force members. The Task Force report also shall outline
next steps for Council deliberation.

More information about the council mailing list