Bob bruen garth bruen
Download
1 / 21

- PowerPoint PPT Presentation


  • 268 Views
  • Uploaded on

Bob Bruen Garth Bruen. “ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”. Standard Approaches. Filter & Block Identify Spammers Blacklist Criminal Prosecution Civil Litigation Challenge/Response Reputation Protection. Definition: Infrastructure The Front End . ICANN

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - MartaAdara


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Bob bruen garth bruen l.jpg

Bob Bruen

Garth Bruen

“(Ab)Using ICANN’s Procedures as a Way to minimize Spam”


Standard approaches l.jpg
Standard Approaches

  • Filter & Block

  • Identify Spammers

  • Blacklist

  • Criminal Prosecution

  • Civil Litigation

  • Challenge/Response

  • Reputation Protection


Definition infrastructure the front end l.jpg
Definition: InfrastructureThe Front End

  • ICANN

  • Top Level Registrars

  • Retail Registrars

  • ISPs

  • Policies and Procedures

  • Resources Capacity


Front end problems l.jpg
Front End Problems

  • Because of:

    • Weak procedures

    • Policies not followed

    • Inadequate resources

  • Consquences are:

    • Target rich environment

    • Spam platform

    • Enhances botnets, malware, etc


Whois data problem report system wdprs l.jpg
Whois Data Problem Report SystemWDPRS

  • Whoisdata accuracy REQUIRED

  • 15 days to fix whois record

  • Created for just these complaints

  • One at a time complaints

  • Designed for small numbers


Modern complaint process l.jpg
Modern Complaint Process

  • Match spammers capability

  • Employ large scale operations

  • Automate everything

    • Processing spam submissions

    • Filing of complaints

      Follow ups


Knujon l.jpg
KnujOn

  • Delivers Massively Scalable Automated Spam Handling

  • Strict Use of ICANN Procedures Once Detected

    Front End Spam Prevention Compliments

    Spam Detection & Elimination


What is different l.jpg
What Is Different

  • Not a honeypot – real people

  • Spam collection spans years

  • Targeting transaction sites

  • Apply ICANN policy enforcement

  • Scale of complaints filed

    • ICANN Report 2006: ~45% was Project KnujOn


Volume of knujon reports l.jpg

250,000

200,000

150,000

100,000

50,000

0

'06

'07

'08

'09

Volume of KnujOn Reports

KnujOn Complaint Volume Through ICANN WDPR

2008 anticipated will be 4 times that of 2007


Knujon key processes l.jpg
KnujOn – Key Processes

  • “Follow the money”

  • User submitted spam (ftp or email)‏

  • Spam analyzed for Transaction site

  • Whois data acquired & verified

  • Automated complaint filed if not accurate

  • Follow up


Metadata l.jpg
MetaData

  • Large Database

  • We can correlate

    • Scam sites & individuals

    • Sites & criminal groups

    • Groups, ISPs, Registrars

  • Analyze trends


Scale problem l.jpg
Scale Problem

  • 50,000,000 Registrations in 2007

  • 50,000 Complaints - Apparent Limit

  • Off by three orders of magnitude

  • Shutdown 55,000+ (PoC)

  • 20,000-25,000/day submissions


Big problem actually small l.jpg

93% of Complaints at 10 Registrars

All other

registrars

10 Registrars

“Big” Problem Actually Small


Repairing the infrastructure l.jpg
Repairing the Infrastructure

  • Evaluate registrar services

  • Rate registrars

  • Rate ISPs

  • Challenge Privacy Protection

  • Test Whois Services

  • Identifying Fake DNS servers


Registrar evaluation l.jpg
Registrar Evaluation

  • Number of complaints

  • Filed & total

  • Acknowledgment/timeliness

  • Action taken

  • Rot days

  • Engaged


Rot days l.jpg
Rot Days

  • “Rot days” = Suspend date – file date

  • Should be shorter than:

    • Tasting days = 5 days (Add Grace Period)‏

    • Average life time = 5 days (UCSD paper)‏

  • Unfortunately increasing



Sample registrar rating caveats l.jpg
Sample Registrar RatingCaveats

  • Only uses our filed complaints

  • Relative ratings matter

  • Small sample n = 9 (~1000 registrars)‏

  • Better & worse registrars exist

  • Only .com numbers


Slide19 l.jpg

Example Rating Table

Registrar

Total Domains

Complaints Filed

Complaints rate

MONIKER

1,956,780

29,855

1.53%

directnfo

1,064,697

9,201

0.86%

ENOM

6,179,440

39,609

0.64%

BIZCN

223,728

815

0.36%

NETSOL

5,046,746

15,397

0.31%

Markmon

206,593

594

0.29%

TUCOWS

4,552,986

7,646

0.17%

nameking

788,110

713

0.09%

GODADDY

15,295,392

12,036

0.08%

Sorted by Rate – Smaller is better


Goals l.jpg
Goals

  • Fix the WDPRS

  • Enforce the rules

  • Audit the Registrars

  • Terminate the bad registrars


Thank you l.jpg
Thank You

Bob Bruen

[email protected]

http://www.coldrain.net

Garth Bruen

[email protected]

http://www.knujon.com


ad