Blacklists aggregator: New service by TCI
Dmitry Belyavsky, TCI
ENOG 9, Kazan, Russia, 9-10 June 2015
Internet is dangerous
SPAM
Phishing
FastFlux
Malware
What else???
Previous project
Netoscope, the first analytical resource of its kind in Russia, aims at making the Russian domain space safer for users
http://netoscope.ru
http://нетоскоп.рф
Some statistics
[Figure: Growth of the Netoscope database. Chart by period (2012, 2013, 2014, Apr. 15) with three series: domain names suspected in malicious activity, domain names with verified malicious activity, and total number of domain names in the Netoscope database.]
New gTLDs start
Abuse monitoring of TCI
.дети
.москва .moscow .tatar
etc…
ICANN: abuse monitoring
Welcome to us!
Blacklists aggregator
Sources:
SURBL, Netoscope, etc…
Filter for interesting domains
Aggregate
Unify classification - TBD
Reports (daily, monthly…)
Implemented with
Perl
Pluggable architecture to add new lists
PostgreSQL
Domain – source – categories – details
ftp, WebDAV, email
Daily Report
Nothing extraordinary!
Implemented for…
Now
Registries
Required by ICANN for new gTLDs
Tomorrow
Registrar
The day after?
Hosters
Who can watch yoursite.com?