Download
bob bruen garth bruen n.
Skip this Video
Loading SlideShow in 5 Seconds..
“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam” PowerPoint Presentation
Download Presentation
“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”

“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”

310 Vues Download Presentation
Télécharger la présentation

“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Bob Bruen Garth Bruen “(Ab)Using ICANN’s Procedures as a Way to minimize Spam”

  2. Standard Approaches • Filter & Block • Identify Spammers • Blacklist • Criminal Prosecution • Civil Litigation • Challenge/Response • Reputation Protection

  3. Definition: InfrastructureThe Front End • ICANN • Top Level Registrars • Retail Registrars • ISPs • Policies and Procedures • Resources Capacity

  4. Front End Problems • Because of: • Weak procedures • Policies not followed • Inadequate resources • Consquences are: • Target rich environment • Spam platform • Enhances botnets, malware, etc

  5. Whois Data Problem Report SystemWDPRS • Whoisdata accuracy REQUIRED • 15 days to fix whois record • Created for just these complaints • One at a time complaints • Designed for small numbers

  6. Modern Complaint Process • Match spammers capability • Employ large scale operations • Automate everything • Processing spam submissions • Filing of complaints Follow ups

  7. KnujOn • Delivers Massively Scalable Automated Spam Handling • Strict Use of ICANN Procedures Once Detected Front End Spam Prevention Compliments Spam Detection & Elimination

  8. What Is Different • Not a honeypot – real people • Spam collection spans years • Targeting transaction sites • Apply ICANN policy enforcement • Scale of complaints filed • ICANN Report 2006: ~45% was Project KnujOn

  9. 250,000 200,000 150,000 100,000 50,000 0 '06 '07 '08 '09 Volume of KnujOn Reports KnujOn Complaint Volume Through ICANN WDPR 2008 anticipated will be 4 times that of 2007

  10. KnujOn – Key Processes • “Follow the money” • User submitted spam (ftp or email)‏ • Spam analyzed for Transaction site • Whois data acquired & verified • Automated complaint filed if not accurate • Follow up

  11. MetaData • Large Database • We can correlate • Scam sites & individuals • Sites & criminal groups • Groups, ISPs, Registrars • Analyze trends

  12. Scale Problem • 50,000,000 Registrations in 2007 • 50,000 Complaints - Apparent Limit • Off by three orders of magnitude • Shutdown 55,000+ (PoC) • 20,000-25,000/day submissions

  13. 93% of Complaints at 10 Registrars All other registrars 10 Registrars “Big” Problem Actually Small

  14. Repairing the Infrastructure • Evaluate registrar services • Rate registrars • Rate ISPs • Challenge Privacy Protection • Test Whois Services • Identifying Fake DNS servers

  15. Registrar Evaluation • Number of complaints • Filed & total • Acknowledgment/timeliness • Action taken • Rot days • Engaged

  16. Rot Days • “Rot days” = Suspend date – file date • Should be shorter than: • Tasting days = 5 days (Add Grace Period)‏ • Average life time = 5 days (UCSD paper)‏ • Unfortunately increasing

  17. Rot Days

  18. Sample Registrar RatingCaveats • Only uses our filed complaints • Relative ratings matter • Small sample n = 9 (~1000 registrars)‏ • Better & worse registrars exist • Only .com numbers

  19. Example Rating Table Registrar Total Domains Complaints Filed Complaints rate MONIKER 1,956,780 29,855 1.53% directnfo 1,064,697 9,201 0.86% ENOM 6,179,440 39,609 0.64% BIZCN 223,728 815 0.36% NETSOL 5,046,746 15,397 0.31% Markmon 206,593 594 0.29% TUCOWS 4,552,986 7,646 0.17% nameking 788,110 713 0.09% GODADDY 15,295,392 12,036 0.08% Sorted by Rate – Smaller is better

  20. Goals • Fix the WDPRS • Enforce the rules • Audit the Registrars • Terminate the bad registrars

  21. Thank You Bob Bruen bob.bruen@coldrain.net http://www.coldrain.net Garth Bruen garth.bruen@coldrain.net http://www.knujon.com