Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] letit2 [.] bit blacklist


Chronological Thread 
  • From: "Daniel Quintiliani" <danq AT runbox.com>
  • To: "discuss" <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Tue, 18 Jul 2017 15:24:33 -0400 (EDT)

Continue to resolve .bit domains. It's not anyone's job to police the
Internet at the demands of strangers you've never met.

--

-Dan Q


On Tue, 18 Jul 2017 17:11:25 +0100, Calum McAlinden <calum AT mcalinden.me.uk>
wrote:

> (sorry, I wrote this email earlier but accidentally sent it to Arthur
> Garnier instead of the mailing list)
>
> Hi,
>
> I am the operator of the OpenNIC server which generates OpenNIC's .bit
> zone from the blockchain.
>
> This is something that has been concerning me for awhile. I recently
> became aware of malware developers are using OpenNIC T2 servers in their
> malware to resolve .bit domains which contain the IP address of command
> and control servers.
>
> I had also been answering a several inquiries about zone updates over a
> few months. Eventually I looked into the domains in question and what
> they appear to be used for, which was C&C servers for malware.
>
> OpenNIC really has 3 options:
>
> - Continue resolving .bit domains known to be used for malware purposes,
> in effect facilitating the distribution of malware
>
> - Blacklist these domains democratically, thus not being a true
> representation of the names registered in the blockchain and raising
> censorship issues
>
> - Drop the entire .bit zone
>
>
> What are people's thoughts on this?
>
> Regards,
> Calum
>
> On 18/07/17 15:49, Jonah Aragon wrote:
> > You can probably blacklist that single domain for the time being as
> > attack mitigation, but blacklisting any domain or TLD would make your
> > Tier 2 no longer compatible with OpenNIC.
> >
> > But this is the reason we keep bringing up removing .bit entirely, from
> > what I can tell it seems to bring much more trouble than it's worth, but
> > maybe that's the cost of a successful alt-TLD. Perhaps we should revisit
> > the .bit removal discussion.
> >
> > Look into rate limiting or ask for help on IRC if your server is under
> > attack.
> >
> > Jonah
> >
> >
> > On Tue, Jul 18, 2017, 4:22 AM Arthur Garnier <arthur AT arthurgarnier.fr
> > <mailto:arthur AT arthurgarnier.fr>> wrote:
> >
> > Hello,
> >
> > My dedicated server provider (OVH.com) asked me, yesterday, to
> > blacklist
> > the domain "letit2.bit" because it's a domain used by a malware
> >
> > (https://malwarebreakdown.com/2017/06/06/relst-campaign-delivering-pony-downloads-chthonic/
> > )
> >
> > After checking my logs from yesterday, this domain name has been
> > resolved more than 125,000 times in 24 hours.
> >
> > Maybe we should blacklist this domain from an higher level than Tier2.
> > Or it's against the policy ?
> >
> > Regards,
> >
> > Arthur
> >
> >
> >
> > --------
> > You are a member of the OpenNIC Discuss list.
> > You may unsubscribe by emailing
> > discuss-unsubscribe AT lists.opennicproject.org
> > <mailto:discuss-unsubscribe AT lists.opennicproject.org>
> >
> >
> >
> >
> >
> > --------
> > You are a member of the OpenNIC Discuss list.
> > You may unsubscribe by emailing
> > discuss-unsubscribe AT lists.opennicproject.org
> >
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org





Archive powered by MHonArc 2.6.19.

Top of Page