direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Inhalt des Dokuments

All publications

On the Effects of Registrar-level Intervention
Citation key LLFKMVS-OERLI-11
Author Liu, He (Lonnie) and Levchenko, Kirill and Felegyhazi, Mark and Kreibich, Christian and Maier, Gregor and Voelker, Geoffrey M. and Savage, Stefan
Title of Book Proceedings of the Workshop on Large-Scale Exploits and Emergent Threads (LEET '11)
Pages 1–8
Year 2011
ISBN 978-931971-84-3
DOI http://dx.doi.org/
Location Boston, MA, USA
Month March
Editor Christopher Kruegel
Publisher Usenix
Abstract Virtually all Internet scams make use of domain name resolution as a critical part of their execution (e.g., resolving a spam-advertised URL to its Web site). Consequently, defenders have initiated a range of efforts to intervene within the DNS ecosystem to block such activity (e.g., by blacklisting ''known bad'' domain names at the client). Recently, there has been a push for domain registrars to take a more active role in this conflict, and it is this class of intervention that is the focus of our work. In particular, this paper characterizes the impact of two recent efforts to counter scammers' use of domain registration: CNNIC's blanket policy changes for the .cn ccTLD made in late 2009 and the late 2010 agreement between eNom and LegitScript to reactively take down ''rogue'' Internet pharmacy domains. Using a combination of historic WHOIS data and co-temporal spam feeds, we measure the impact of these interventions on both the registration and use of spam-advertised domains. We use these examples to illustrate the key challenges in making registrar-level intervention an effective tool.
Link to publication Download Bibtex entry

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe