bob bruen garth bruen l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam” PowerPoint Presentation
Download Presentation
“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”

Loading in 2 Seconds...

play fullscreen
1 / 21

“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam” - PowerPoint PPT Presentation


  • 282 Views
  • Uploaded on

Bob Bruen Garth Bruen. “ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”. Standard Approaches. Filter & Block Identify Spammers Blacklist Criminal Prosecution Civil Litigation Challenge/Response Reputation Protection. Definition: Infrastructure The Front End . ICANN

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”' - MartaAdara


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
standard approaches
Standard Approaches
  • Filter & Block
  • Identify Spammers
  • Blacklist
  • Criminal Prosecution
  • Civil Litigation
  • Challenge/Response
  • Reputation Protection
definition infrastructure the front end
Definition: InfrastructureThe Front End
  • ICANN
  • Top Level Registrars
  • Retail Registrars
  • ISPs
  • Policies and Procedures
  • Resources Capacity
front end problems
Front End Problems
  • Because of:
    • Weak procedures
    • Policies not followed
    • Inadequate resources
  • Consquences are:
    • Target rich environment
    • Spam platform
    • Enhances botnets, malware, etc
whois data problem report system wdprs
Whois Data Problem Report SystemWDPRS
  • Whoisdata accuracy REQUIRED
  • 15 days to fix whois record
  • Created for just these complaints
  • One at a time complaints
  • Designed for small numbers
modern complaint process
Modern Complaint Process
  • Match spammers capability
  • Employ large scale operations
  • Automate everything
    • Processing spam submissions
    • Filing of complaints

Follow ups

knujon
KnujOn
  • Delivers Massively Scalable Automated Spam Handling
  • Strict Use of ICANN Procedures Once Detected

Front End Spam Prevention Compliments

Spam Detection & Elimination

what is different
What Is Different
  • Not a honeypot – real people
  • Spam collection spans years
  • Targeting transaction sites
  • Apply ICANN policy enforcement
  • Scale of complaints filed
    • ICANN Report 2006: ~45% was Project KnujOn
volume of knujon reports

250,000

200,000

150,000

100,000

50,000

0

'06

'07

'08

'09

Volume of KnujOn Reports

KnujOn Complaint Volume Through ICANN WDPR

2008 anticipated will be 4 times that of 2007

knujon key processes
KnujOn – Key Processes
  • “Follow the money”
  • User submitted spam (ftp or email)‏
  • Spam analyzed for Transaction site
  • Whois data acquired & verified
  • Automated complaint filed if not accurate
  • Follow up
metadata
MetaData
  • Large Database
  • We can correlate
    • Scam sites & individuals
    • Sites & criminal groups
    • Groups, ISPs, Registrars
  • Analyze trends
scale problem
Scale Problem
  • 50,000,000 Registrations in 2007
  • 50,000 Complaints - Apparent Limit
  • Off by three orders of magnitude
  • Shutdown 55,000+ (PoC)
  • 20,000-25,000/day submissions
repairing the infrastructure
Repairing the Infrastructure
  • Evaluate registrar services
  • Rate registrars
  • Rate ISPs
  • Challenge Privacy Protection
  • Test Whois Services
  • Identifying Fake DNS servers
registrar evaluation
Registrar Evaluation
  • Number of complaints
  • Filed & total
  • Acknowledgment/timeliness
  • Action taken
  • Rot days
  • Engaged
rot days
Rot Days
  • “Rot days” = Suspend date – file date
  • Should be shorter than:
    • Tasting days = 5 days (Add Grace Period)‏
    • Average life time = 5 days (UCSD paper)‏
  • Unfortunately increasing
sample registrar rating caveats
Sample Registrar RatingCaveats
  • Only uses our filed complaints
  • Relative ratings matter
  • Small sample n = 9 (~1000 registrars)‏
  • Better & worse registrars exist
  • Only .com numbers
slide19

Example Rating Table

Registrar

Total Domains

Complaints Filed

Complaints rate

MONIKER

1,956,780

29,855

1.53%

directnfo

1,064,697

9,201

0.86%

ENOM

6,179,440

39,609

0.64%

BIZCN

223,728

815

0.36%

NETSOL

5,046,746

15,397

0.31%

Markmon

206,593

594

0.29%

TUCOWS

4,552,986

7,646

0.17%

nameking

788,110

713

0.09%

GODADDY

15,295,392

12,036

0.08%

Sorted by Rate – Smaller is better

goals
Goals
  • Fix the WDPRS
  • Enforce the rules
  • Audit the Registrars
  • Terminate the bad registrars
thank you
Thank You

Bob Bruen

bob.bruen@coldrain.net

http://www.coldrain.net

Garth Bruen

garth.bruen@coldrain.net

http://www.knujon.com