Discuss mailing list

["Daniel Quintiliani" <danq AT runbox.com>]

Continue to resolve .bit domains. It's not anyone's job to police the 
Internet at the demands of strangers you've never met.

--

-Dan Q


On Tue, 18 Jul 2017 17:11:25 +0100, Calum McAlinden <calum AT mcalinden.me.uk> 
wrote:

> (sorry, I wrote this email earlier but accidentally sent it to Arthur 
> Garnier instead of the mailing list)
> 
> Hi,
> 
> I am the operator of the OpenNIC server which generates OpenNIC's .bit 
> zone from the blockchain.
> 
> This is something that has been concerning me for awhile. I recently 
> became aware of malware developers are using OpenNIC T2 servers in their 
> malware to resolve .bit domains which contain the IP address of command 
> and control servers.
> 
> I had also been answering a several inquiries about zone updates over a 
> few months. Eventually I looked into the domains in question and what 
> they appear to be used for, which was C&C servers for malware.
> 
> OpenNIC really has 3 options:
> 
> - Continue resolving .bit domains known to be used for malware purposes, 
> in effect facilitating the distribution of malware
> 
> - Blacklist these domains democratically, thus not being a true 
> representation of the names registered in the blockchain and raising 
> censorship issues
> 
> - Drop the entire .bit zone
> 
> 
> What are people's thoughts on this?
> 
> Regards,
> Calum
> 
> On 18/07/17 15:49, Jonah Aragon wrote:
> > You can probably blacklist that single domain for the time being as 
> > attack mitigation, but blacklisting any domain or TLD would make your 
> > Tier 2 no longer compatible with OpenNIC.
> > 
> > But this is the reason we keep bringing up removing .bit entirely, from 
> > what I can tell it seems to bring much more trouble than it's worth, but 
> > maybe that's the cost of a successful alt-TLD. Perhaps we should revisit 
> > the .bit removal discussion.
> > 
> > Look into rate limiting or ask for help on IRC if your server is under 
> > attack.
> > 
> > Jonah
> > 
> > 
> > On Tue, Jul 18, 2017, 4:22 AM Arthur Garnier <arthur AT arthurgarnier.fr 
> > <mailto:arthur AT arthurgarnier.fr>> wrote:
> > 
> >     Hello,
> > 
> >     My dedicated server provider (OVH.com) asked me, yesterday, to 
> > blacklist
> >     the domain "letit2.bit" because it's a domain used by a malware
> >     
> > (https://malwarebreakdown.com/2017/06/06/relst-campaign-delivering-pony-downloads-chthonic/
> >     )
> > 
> >     After checking my logs from yesterday, this domain name has been
> >     resolved more than 125,000 times in 24 hours.
> > 
> >     Maybe we should blacklist this domain from an higher level than Tier2.
> >     Or it's against the policy ?
> > 
> >     Regards,
> > 
> >     Arthur
> > 
> > 
> > 
> >     --------
> >     You are a member of the OpenNIC Discuss list.
> >     You may unsubscribe by emailing
> >     discuss-unsubscribe AT lists.opennicproject.org
> >     <mailto:discuss-unsubscribe AT lists.opennicproject.org>
> > 
> > 
> > 
> > 
> > 
> > --------
> > You are a member of the OpenNIC Discuss list.
> > You may unsubscribe by emailing 
> > discuss-unsubscribe AT lists.opennicproject.org
> > 
> 
> 
> --------
> You are a member of the OpenNIC Discuss list. 
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org