
discuss - Re: [opennic-discuss] ***SPAM*** Re: letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Administrador <admin AT bambusoft.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] ***SPAM*** Re: letit2 [.] bit blacklist
  • Date: Tue, 18 Jul 2017 16:06:37 -0500
  • Dkim-filter: OpenDKIM Filter v2.9.1 sagan.bambusoft.mx B4AD81DF67
  • Organization: http://www.bambusoft.com

IMO, if a single domain is causing the problem, I think the operator of that TLD can block the domain (or the user, if he/she does not follow the charter).
But the operator can do this -only- if he/she has validated it.

Regards

Mario


On 18/07/2017 at 11:11 a.m., Calum McAlinden wrote:
(sorry, I wrote this email earlier but accidentally sent it to Arthur Garnier instead of the mailing list)

Hi,

I am the operator of the OpenNIC server which generates OpenNIC's .bit zone from the blockchain.

This is something that has been concerning me for a while. I recently became aware that malware developers are using OpenNIC T2 servers in their malware to resolve .bit domains which contain the IP address of command and control servers.

I had also been answering several inquiries about zone updates over a few months. Eventually I looked into the domains in question and what they appear to be used for, which was C&C servers for malware.

OpenNIC really has 3 options:

- Continue resolving .bit domains known to be used for malware purposes, in effect facilitating the distribution of malware

- Blacklist these domains democratically, thus not being a true representation of the names registered in the blockchain and raising censorship issues

- Drop the entire .bit zone


What are people's thoughts on this?

Regards,
Calum

On 18/07/17 15:49, Jonah Aragon wrote:
You can probably blacklist that single domain for the time being as attack mitigation, but blacklisting any domain or TLD would make your Tier 2 no longer compatible with OpenNIC.

But this is the reason we keep bringing up removing .bit entirely, from what I can tell it seems to bring much more trouble than it's worth, but maybe that's the cost of a successful alt-TLD. Perhaps we should revisit the .bit removal discussion.

Look into rate limiting or ask for help on IRC if your server is under attack.

Jonah


On Tue, Jul 18, 2017, 4:22 AM Arthur Garnier <arthur AT arthurgarnier.fr> wrote:

    Hello,

    My dedicated server provider (OVH.com) asked me, yesterday, to blacklist
    the domain "letit2.bit" because it's a domain used by a malware
    (https://malwarebreakdown.com/2017/06/06/relst-campaign-delivering-pony-downloads-chthonic/)

    After checking my logs from yesterday, this domain name has been
    resolved more than 125,000 times in 24 hours.

    Maybe we should blacklist this domain from a higher level than Tier2.
    Or it's against the policy?

    Regards,

    Arthur



    --------
    You are a member of the OpenNIC Discuss list.
    You may unsubscribe by emailing
    discuss-unsubscribe AT lists.opennicproject.org






--

Administration / Technical support
admin AT bambusoft.com / +52 (33) 1815-6186 Bambusoft http://www.bambusoft.com
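
The log check Arthur describes in the thread can be repeated on any resolver. As an added example (not part of the thread and not OpenNIC tooling), this script tallies queries and distinct clients per .bit name over the last 24 hours of a query log. The BIND-style log format, the constructed sample lines, the function names and the client-spread heuristic are assumptions made for illustration; the 125,000 default is the figure quoted in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in BIND querylog style (assumed format); IPs are documentation ranges.
SAMPLE_LOG = """\
17-Jul-2017 08:00:00.000 client 198.51.100.9#40000 (letit2.bit): query: letit2.bit IN A + (203.0.113.53)
18-Jul-2017 09:00:01.120 client 198.51.100.7#51234 (letit2.bit): query: letit2.bit IN A + (203.0.113.53)
18-Jul-2017 09:00:02.300 client 198.51.100.8#51235 (letit2.bit): query: letit2.bit IN A + (203.0.113.53)
18-Jul-2017 09:00:03.010 client @0x7f1c2c0 192.0.2.44#40112 (www.letit2.bit): query: www.letit2.bit IN A + (203.0.113.53)
18-Jul-2017 09:00:04.500 client 192.0.2.10#53000 (example.bit): query: example.bit IN A + (203.0.113.53)
18-Jul-2017 09:00:04.900 client 192.0.2.10#53001 (example.bit): query: example.bit IN A + (203.0.113.53)
18-Jul-2017 09:00:05.000 client 192.0.2.10#53002 (opennic.glue): query: opennic.glue IN NS + (203.0.113.53)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?client "
    r"(?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ .*?query: (?P<qname>\S+) IN "
)

def summarize(log_text, tld="bit", window=timedelta(hours=24)):
    """Return {registered name: (queries, distinct clients)} for names under
    `tld`, counting only entries within `window` of the newest matching entry."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped, not guessed at
        qname = m["qname"].rstrip(".").lower()
        if qname.endswith("." + tld):
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
            rows.append((ts, qname, m["ip"]))
    if not rows:
        return {}
    cutoff = max(ts for ts, _, _ in rows) - window
    stats = defaultdict(lambda: [0, set()])
    for ts, qname, ip in rows:
        if ts >= cutoff:
            name = ".".join(qname.split(".")[-2:])  # fold subdomains onto the registered name
            stats[name][0] += 1
            stats[name][1].add(ip)
    return {name: (count, len(clients)) for name, (count, clients) in stats.items()}

def flag(stats, min_queries=125_000, min_clients=2):
    """Names meeting both thresholds. Assumed heuristic: many distinct clients
    points to widespread lookups; a single noisy client is a rate-limiting case."""
    return sorted(n for n, (q, c) in stats.items() if q >= min_queries and c >= min_clients)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    print(stats, flag(stats, min_queries=3))
```
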
