AbUsing ICANNs Procedures as a Way to minimize Spam - PowerPoint PPT Presentation

About This Presentation
Title:

AbUsing ICANNs Procedures as a Way to minimize Spam

Description:

AbUsing ICANNs Procedures as a Way to minimize Spam – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 22
Provided by: projects7
Category:

less

Transcript and Presenter's Notes

Title: AbUsing ICANNs Procedures as a Way to minimize Spam


1
(Ab)Using ICANNs Procedures as a Way to
minimize Spam
  • Bob Bruen
  • Garth Bruen

2
Standard Approaches
  • Filter Block
  • Identify Spammers
  • Blacklist
  • Criminal Prosecution
  • Civil Litigation
  • Challenge/Response
  • Reputation Protection

3
Definition InfrastructureThe Front End
  • ICANN
  • Top Level Registrars
  • Retail Registrars
  • ISPs
  • Policies and Procedures
  • Resources Capacity

4
Front End Problems
  • Because of
  • Weak procedures
  • Policies not followed
  • Inadequate resources
  • Consquences are
  • Target rich environment
  • Spam platform
  • Enhances botnets, malware, etc

5
Whois Data Problem Report SystemWDPRS
  • Whois data accuracy REQUIRED
  • 15 days to fix whois record
  • Created for just these complaints
  • One at a time complaints
  • Designed for small numbers

6
Modern Complaint Process
  • Match spammers capability
  • Employ large scale operations
  • Automate everything
  • Processing spam submissions
  • Filing of complaints
  • Follow ups

7
KnujOn
  • Delivers Massively Scalable Automated
    Spam Handling
  • Strict Use of ICANN Procedures Once
    Detected
  • Front End Spam Prevention
    Compliments
  • Spam Detection Elimination

8
What Is Different
  • Not a honeypot real people
  • Spam collection spans years
  • Targeting transaction sites
  • Apply ICANN policy enforcement
  • Scale of complaints filed
  • ICANN Report 2006 45 was Project KnujOn

9
Volume of KnujOn Reports
KnujOn Complaint Volume Through ICANN WDPR
2008 anticipated will be 4 times that of 2007
10
KnujOn Key Processes
  • Follow the money
  • User submitted spam (ftp or email)?
  • Spam analyzed for Transaction site
  • Whois data acquired verified
  • Automated complaint filed if not accurate
  • Follow up

11
MetaData
  • Large Database
  • We can correlate
  • Scam sites individuals
  • Sites criminal groups
  • Groups, ISPs, Registrars
  • Analyze trends

12
Scale Problem
  • 50,000,000 Registrations in 2007
  • 50,000 Complaints - Apparent Limit
  • Off by three orders of magnitude
  • Shutdown 55,000 (PoC)
  • 20,000-25,000/day submissions

13
Big Problem Actually Small
14
Repairing the Infrastructure
  • Evaluate registrar services
  • Rate registrars
  • Rate ISPs
  • Challenge Privacy Protection
  • Test Whois Services
  • Identifying Fake DNS servers

15
Registrar Evaluation
  • Number of complaints
  • Filed total
  • Acknowledgment/timeliness
  • Action taken
  • Rot days
  • Engaged

16
Rot Days
  • Rot days Suspend date file date
  • Should be shorter than
  • Tasting days 5 days (Add Grace Period)?
  • Average life time 5 days (UCSD paper)?
  • Unfortunately increasing

17
Rot Days
18
Sample Registrar RatingCaveats
  • Only uses our filed complaints
  • Relative ratings matter
  • Small sample n 9 (1000 registrars)?
  • Better worse registrars exist
  • Only .com numbers

19
Example Rating Table
Sorted by Rate Smaller is better
20
Goals
  • Fix the WDPRS
  • Enforce the rules
  • Audit the Registrars
  • Terminate the bad registrars

21
Thank You
  • Bob Bruen
  • bob.bruen_at_coldrain.net
  • http//www.coldrain.net
  • Garth Bruen
  • garth.bruen_at_coldrain.net
  • http//www.knujon.com
Write a Comment
User Comments (0)
About PowerShow.com