Blacklists aggregator:New service by TCI

Dmitry Belyavsky, TCIENOG 9Kazan, Russia, 9-10 June 2015

Internet is dangerous

SPAM

Phishing FastFlux

Malware

What else???

Previous project

The 1st in Russia unique analytical resource, the Netoscope project aims at making the Russian

domain space safer for users

http://netoscope.ruhttp://нетоскоп.рф

Some statistics

2012 2013 2014 Apr.150.0

200,000.0400,000.0600,000.0800,000.0

1,000,000.01,200,000.01,400,000.01,600,000.01,800,000.0

165,777.00 266,303.00 303,755.00 299,741.00

556,745.00

938,279.001,145,450.00

1,444,001.00722,522.00

1,204,582.00

1,449,205.00

1,743,742.00Growth of the Netoscope database

Domain names suspected in malicious activity, mln

Domain names with verified malicious activity, mln

Total number of domain names in the Netoscope database, mln

New gTLDs start

Abuse monitoring of TCI

.дети

.москва .moscow .tatar

etc…

ICANN: abuse monitoring

Welcome to us!

Blacklists aggregator

Filter for interesting domains

Sources:

SURBL, Netoscope, etc…

Filter for interesting domains

Aggregate Unify classification - TBD

Reports (daily, monthly…)

Implemented with

PerlPluggable architecture

to add new lists

PostgreSQLDomain – source – categories – details

ftp, WebDaV, email Daily Report

Nothing extraordinary!

Implemented for…

Now

Registries

Required by ICANN for new gTLDs

Tomorrow

RegistrarAfter day?

Hosters

Who can watch yoursite.com?

Questions?

Drop them at:

beldmit@tcinet.ru