[Sanctions-Research] Beacon

John Kristoff jtk at dataplane.org
Sat Mar 19 06:49:16 PDT 2022


On Sat, 19 Mar 2022 03:32:34 +0100
Bill Woodcock <woody at pch.net> wrote:

> > What data exactly do you plan to collect at the authoritative DNS
> > servers and at the addresses?  What can be used for research
> > measurements?  
> 
> Can you use more words, and explain the questions more fully?

What, if any, data will be collected and made available that involve the
beacon-related systems?  I'm not really sure what is practical and
deemed appropriate between competing privacy concerns and the utility
for research so I'll enumerate it this way:

* On the authoritative DNS servers that serve beacon names/zones, will
  the DNS queries for those names be logged and made available?

* On the beacon end hosts that can be used to test connectivity (e.g.
  ICMP echo or HTTP(S) requests), will that request traffic or log data
  be captured and made available?

* On whatever systems that serve the feeds, will client access or
  sync requests for that data be made available?

The point being that there is research value in being able to assess
usage and access to the sanctions beacon and publication systems.
However, there may also be some concerns about making some or all of
that detail available.  Perhaps anonymization plays a role.  As a
researcher, just asking the questions of the operations team.  We will
work within the parameters you decide.

> Some, but not an infinite number.  Would just cycling periodically
> between two addresses do the trick?

That sounds more helpful for measurement than not cycling.  :-)

> I guess you’re wanting to see whether people somehow get stuck on an
> old policy?

Correct.

John


