
Malicious Hubs


Presentation Transcript


  1. Malicious Hubs
     Sarah Jaffer

  2. Malicious Hubs
     • PCs monitored by users
     • Varying levels of security
     • Autonomous Systems (AS) monitored by sysadmin
     • Same security within a system
     • Which is more valuable in a botnet?

  3. Malicious Hubs
     • Some AS have poor security
     • If one machine can be infected, many can
     • Some may be criminal
     • Either way, these malicious hubs need to be shut down
     • First, need to be identified

  4. Methodology
     • Aggregate blacklists of malicious IPs
     • Determine what AS (if any) they belong to
     • Longest prefix matching on IP
     • Evaluate AS using these statistics
     • Two methods

  5. Method 1
     • Ratio of malicious IP to total IP range
     • Total IP range is approximate
     • Blacklists may not have all malicious IPs
     • Wide variance in AS hostility
     • ~0.6% to 9.25% of IP range compromised

  6. Method 2
     • Percentage of each blacklist database comprised of each AS
     • Characterizes different AS tendency towards different activity
     • Most small: 0.25% to 1%
     • Few large: 7% to 10%

  7. Conclusions
     • Methods identify AS which are either insecure or criminal
     • Enough evidence to hold them accountable?
     • How much do blacklists miss?
     • Other methods of evaluation?
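
The methodology on slides 4 to 6, worked through as an added example (not code from the presentation): blacklisted IPs are mapped to an AS by longest prefix match, then scored with Method 1 and Method 2. The prefix table, AS numbers, blacklist names and entries are constructed from documentation and private-use ranges, and all function names are assumptions of this sketch.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed prefix-to-AS table (documentation prefixes, private-use ASNs).
PREFIX_TO_AS = {
    "198.51.100.0/24": 64500,
    "198.51.100.128/25": 64501,  # more specific route inside the /24 above
    "203.0.113.0/24": 64502,
}
# Constructed blacklists, one per kind of activity tracked.
BLACKLISTS = {
    "spam": ["198.51.100.5", "198.51.100.200", "203.0.113.9", "192.0.2.1"],
    "malware": ["198.51.100.200", "198.51.100.201", "203.0.113.9"],
}
# Most specific prefixes first, so the first hit is the longest match.
ROUTES = sorted(((ipaddress.ip_network(p), a) for p, a in PREFIX_TO_AS.items()),
                key=lambda r: r[0].prefixlen, reverse=True)

def lookup_as(ip):
    """Longest prefix match; None when no prefix in the table covers the IP."""
    addr = ipaddress.ip_address(ip)
    return next((asn for net, asn in ROUTES if addr in net), None)

def as_sizes():
    """Approximate address count per AS: its own prefixes, overlaps merged.
    Space carved out by another AS's more specific route is not subtracted."""
    nets = defaultdict(list)
    for net, asn in ROUTES:
        nets[asn].append(net)
    return {asn: sum(n.num_addresses for n in ipaddress.collapse_addresses(v))
            for asn, v in nets.items()}

def method1(blacklists):
    """Method 1: unique blacklisted IPs in an AS / approximate AS IP range."""
    hits = defaultdict(set)
    for ips in blacklists.values():
        for ip in ips:
            asn = lookup_as(ip)
            if asn is not None:
                hits[asn].add(ip)
    sizes = as_sizes()
    return {asn: len(ips) / sizes[asn] for asn, ips in hits.items()}

def method2(blacklists):
    """Method 2: fraction of each blacklist's entries that fall in each AS."""
    shares = {}
    for name, ips in blacklists.items():
        uniq = set(ips)
        counts = Counter(lookup_as(ip) for ip in uniq)
        shares[name] = {a: n / len(uniq) for a, n in counts.items() if a is not None}
    return shares

if __name__ == "__main__":
    print(method1(BLACKLISTS))
    print(method2(BLACKLISTS))
```

Entries that match no prefix (here 192.0.2.1) stay in the Method 2 denominator, so the per-AS shares of a list can sum to less than 1.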
