Discuss mailing list

[Calum McAlinden <calum AT mcalinden.me.uk>]

(sorry, I wrote this email earlier but accidentally sent it to Arthur 
Garnier instead of the mailing list)

Hi,

I am the operator of the OpenNIC server which generates OpenNIC's .bit 
zone from the blockchain.

This is something that has been concerning me for awhile. I recently 
became aware of malware developers are using OpenNIC T2 servers in their 
malware to resolve .bit domains which contain the IP address of command 
and control servers.

I had also been answering a several inquiries about zone updates over a 
few months. Eventually I looked into the domains in question and what 
they appear to be used for, which was C&C servers for malware.

OpenNIC really has 3 options:

- Continue resolving .bit domains known to be used for malware purposes, 
in effect facilitating the distribution of malware

- Blacklist these domains democratically, thus not being a true 
representation of the names registered in the blockchain and raising 
censorship issues

- Drop the entire .bit zone


What are people's thoughts on this?

Regards,
Calum

On 18/07/17 15:49, Jonah Aragon wrote:
> You can probably blacklist that single domain for the time being as 
> attack mitigation, but blacklisting any domain or TLD would make your 
> Tier 2 no longer compatible with OpenNIC.
>
> But this is the reason we keep bringing up removing .bit entirely, from 
> what I can tell it seems to bring much more trouble than it's worth, but 
> maybe that's the cost of a successful alt-TLD. Perhaps we should revisit 
> the .bit removal discussion.
>
> Look into rate limiting or ask for help on IRC if your server is under 
> attack.
>
> Jonah
>
>
> On Tue, Jul 18, 2017, 4:22 AM Arthur Garnier <arthur AT arthurgarnier.fr 
> <mailto:arthur AT arthurgarnier.fr>> wrote:
>
>     Hello,
>
>     My dedicated server provider (OVH.com) asked me, yesterday, to blacklist
>     the domain "letit2.bit" because it's a domain used by a malware
>     
> (https://malwarebreakdown.com/2017/06/06/relst-campaign-delivering-pony-downloads-chthonic/
>     )
>
>     After checking my logs from yesterday, this domain name has been
>     resolved more than 125,000 times in 24 hours.
>
>     Maybe we should blacklist this domain from an higher level than Tier2.
>     Or it's against the policy ?
>
>     Regards,
>
>     Arthur
>
>
>
>     --------
>     You are a member of the OpenNIC Discuss list.
>     You may unsubscribe by emailing
>     discuss-unsubscribe AT lists.opennicproject.org
>     <mailto:discuss-unsubscribe AT lists.opennicproject.org>
>
>
>
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org