Blacklists aggregator: New service by TCI. Dmitry Belyavsky, TCI. ENOG 9, Kazan, Russia, 9-10 June 2015
Internet is dangerous
SPAM
Phishing
FastFlux
Malware
What else???
Previous project
The first analytical resource of its kind in Russia, the Netoscope project aims to make the Russian domain space safer for users.
http://netoscope.ru
http://нетоскоп.рф
Some statistics
Chart: Growth of the Netoscope database
Periods: 2012, 2013, 2014, Apr. 15
Domain names suspected in malicious activity, mln: 165,777; 266,303; 303,755; 299,741
Domain names with verified malicious activity, mln: 556,745; 938,279; 1,145,450; 1,444,001
Total number of domain names in the Netoscope database, mln: 722,522; 1,204,582; 1,449,205; 1,743,742
New gTLDs start
Abuse monitoring of TCI
.дети
.москва .moscow .tatar
etc…
ICANN: abuse monitoring
Welcome to us!
Blacklists aggregator
Sources:
SURBL, Netoscope, etc…
Filter for interesting domains
Aggregate
Unify classification - TBD
Reports (daily, monthly…)
Implemented with
Perl
Pluggable architecture to add new lists
PostgreSQL
Domain – source – categories – details
FTP, WebDAV, email
Daily Report
Nothing extraordinary!
Implemented for…
Now
Registries
Required by ICANN for new gTLDs
Tomorrow
Registrar
After day?
Hosters
Who can watch yoursite.com?