
discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Simon Castano <netherland-office AT liberland.org>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Fri, 21 Jul 2017 11:07:52 +0200
  • Organization: Representation of the Free Republic of Liberland in the Netherlands

A Non-Profit setup may indeed help protect operators from legal requests; nevertheless, no domains should be block listed unless the operator is legally ordered to do so. We are not here to judge what is good or not.

---
Simon

On 2017-07-18 23:57, Jonah Aragon wrote:
Hmm, OpenNIC liability issues aren't something I've really considered.
Maybe we should revisit the non-profit organization setup, I know we
voted to approve moving forward with that and never did.

I'd be in support of blacklisted domains as need be, but it seems like
asking here every single time wouldn't be the best solution, because
of the need for swift action in the case of domains like these or the
scenario you mentioned. Perhaps a form for users to report suspect
domains and a smaller review committee to decide the fate of the
domains would be better, you could just find some other trusted
parties here and build that into your charter with a single vote here
on the list. With the policy that the domain blacklisting could still
be overridden by a vote here to make sure the users have overall
control.

Everything is up to you taking the first steps here, these are all
just policy edits you'd propose for the .bit charter, so the final say
is yours as the current operator.

Jonah

On Tue, Jul 18, 2017, 3:19 PM Calum McAlinden <calum AT mcalinden.me.uk> wrote:

The .bit domains in question being used for malware to call home are
only accessible on OpenNIC though, so organisations see OpenNIC as
responsible. This is a problem with linking a decentralised system
with a centralised one like OpenNIC: the point of centralisation
becomes a target for demands of censorship.

I think most of the OpenNIC TLDs have policies against
illegal/unethical use, but .bit has no enforceable policy of anything.
This leaves OpenNIC servers hypothetically acting as an authoritative
nameserver for domains controlling malware, promoting terrorism, or
distributing child pornography.

While censorship is obviously bad, is democratic blocking of known
abusive domains that bad? A list of blocked domains and reasons could
be published, and each domain could be voted on with evidence
presented.

For example take another situation such as the recent ransomware
affecting organisations such as the NHS, where the ransomware might
(in the future) resolve .bit domains to command and control servers.
I'm not sure how I'd feel about having the single-handed ability to
alter a line of code and halt the spread, yet not doing so.

Of course, I would never do this without the decision of OpenNIC
members.

Given the increasing prevalence of .bit use in malware, I envisage a
situation where maintainers of OpenNIC's servers or the providers may
be put under pressure by governments to stop resolving domains. Also,
as OpenNIC (as far as I'm aware) is not a legal entity, does that mean
that individual members are liable for any damages that such an
incident might cause?

On 18/07/17 21:51, Daniel Quintiliani wrote:
Does Google DNS, OpenDNS, or any ISP with their own DNS ever
receive and follow random demands from private companies with no
legal threats? I know there was that incident years ago when the FBI
shut down malicious DNS servers that were used by ransomware, but
other than that?

--

-Dan Q

On Tue, 18 Jul 2017 15:01:22 -0500, Daniel Shirley <aditaa05 AT gmail.com> wrote:

Agreed it's kind of what we do is to stand up to censorship

On Jul 18, 2017 14:26, "Daniel Quintiliani" <danq AT runbox.com> wrote:

Continue to resolve .bit domains. It's not anyone's job to police the
Internet at the demands of strangers you've never met.

--

-Dan Q


On Tue, 18 Jul 2017 17:11:25 +0100, Calum McAlinden <calum AT mcalinden.me.uk> wrote:

(sorry, I wrote this email earlier but accidentally sent it to Arthur
Garnier instead of the mailing list)

Hi,

I am the operator of the OpenNIC server which generates OpenNIC's .bit
zone from the blockchain.

This is something that has been concerning me for a while. I recently
became aware that malware developers are using OpenNIC T2 servers in
their malware to resolve .bit domains which contain the IP address of
command and control servers.

I had also been answering several inquiries about zone updates over a
few months. Eventually I looked into the domains in question and what
they appear to be used for, which was C&C servers for malware.

OpenNIC really has 3 options:

- Continue resolving .bit domains known to be used for malware
  purposes, in effect facilitating the distribution of malware

- Blacklist these domains democratically, thus not being a true
  representation of the names registered in the blockchain and raising
  censorship issues

- Drop the entire .bit zone


What are people's thoughts on this?

Regards,
Calum

On 18/07/17 15:49, Jonah Aragon wrote:
You can probably blacklist that single domain for the time being as
attack mitigation, but blacklisting any domain or TLD would make your
Tier 2 no longer compatible with OpenNIC.

But this is the reason we keep bringing up removing .bit entirely, from
what I can tell it seems to bring much more trouble than it's worth, but
maybe that's the cost of a successful alt-TLD. Perhaps we should revisit
the .bit removal discussion.

Look into rate limiting or ask for help on IRC if your server is under
attack.

Jonah


On Tue, Jul 18, 2017, 4:22 AM Arthur Garnier <arthur AT arthurgarnier.fr> wrote:

Hello,

My dedicated server provider (OVH.com) asked me, yesterday, to
blacklist the domain "letit2.bit" because it's a domain used by a
malware
(https://malwarebreakdown.com/2017/06/06/relst-campaign-delivering-pony-downloads-chthonic/)

After checking my logs from yesterday, this domain name has been
resolved more than 125,000 times in 24 hours.

Maybe we should blacklist this domain from a higher level than Tier2.
Or it's against the policy?

Regards,

Arthur



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org




