Nov 2, 2023 · Rowena Schoo and Maciej Korczyński
This blog covers an interesting case of suspected abuse in a gTLD registry between February and April 2023. It is a good example of an edge case, where the decision on whether or not to mitigate was not clear-cut, and different levels of evidence were available at different times.
Oct 24, 2023 · Rowena Schoo
Compass Dashboards empower registries and registrars with data to understand phishing and malware trends in their zone, over time, and compared against peers.
Oct 2, 2023 · Maciej Korczyński and Samaneh Tajalizadehkhoob
The goal of the INFERMAL project is to conduct an in-depth analysis of maliciously registered domain names, aiming to uncover cyber attackers' preferences and possible measures to mitigate abusive activities within the domain name space.
Sept 28, 2023 · Yevheniya Nosyk, Maciej Korczyński, and Andrzej Duda
The Domain Name System (DNS) has traditionally relied on response codes to signal anomalies, but they are of little help to precisely identify the root causes behind failures. In this article, we examine the new Extended DNS Errors (EDE) mechanism that provides extra feedback on DNS resolutions.
June 8, 2023 · Rowena Schoo
Today the DNS Abuse Institute ("DNSAI" or the "Institute") adds a new level of reporting for our measurement project: DNSAI Compass™ ("Compass"). With this new level of reporting we intend to show the spectrum of how malicious phishing and malware is distributed across the DNS registration ecosystem.
May 2, 2023 · Qasim Lone, Yevheniya Nosyk, and Maciej Korczyński
Despite being a known vulnerability for at least 25 years, source IP address spoofing remains a popular attack method for redirection, amplification, and anonymity. In this post, we provide an introduction / refresher on what SAV is and discuss methods to detect non-compliant networks and the incentives that the industry must enact to make the deployment of SAV attractive.
Apr 25, 2023 · Maciej Korczyński and Samaneh Tajalizadehkhoob
The Internet Corporation for Assigned Names and Numbers (ICANN) is funding a new project that aims to systematically analyze the preferences of cyberattackers and possible measures to mitigate malicious activities across top-level domains (TLDs). This new project is called INFERMAL, and will be supervised by ICANN's Office of the Chief Technology Officer Security, Stability, and Resiliency team.
April 7, 2023 · Yevheniya Nosyk, Qasim Lone, Yury Zhauniarovich, Carlos H. Gañán, Emile Aben, Giovane Moura, Samaneh Tajalizadehkhoob, Andrzej Duda, and Maciej Korczyński
In November 2021, Internet users from Mexico lost access to whatsapp.net and facebook.com. Here, we present key takeaways from our analysis of the event - carried out with RIPE Atlas - and we look at the extent to which queries to DNS root servers get manipulated.
Sep 16, 2022 · Rowena Schoo, Graeme Bunton, and Maciej Korczyński
In May 2022, we wrote about kicking off our work to measure DNS Abuse. We are proud to announce today that we have launched our first report and gone live with our measurement initiative: DNSAI Intelligence.
Feb 15, 2021 · Yevheniya Nosyk, Maciej Korczyński, Qasim Lone, Marcin Skwarek, Baptiste Jonglez, and Andrzej Duda
Source Address Validation (SAV) is the best current practice (BCP 38 / RFC 2827) aimed at filtering packets based on source IP addresses at the network edge. In this article, we show how to identify networks that do not deploy SAV for incoming traffic.