[CPWG] ICANN DNS Abuse report (4 years of data)
John McCormac
jmcc at hosterstats.com
Wed Mar 23 13:00:11 UTC 2022
On 23/03/2022 12:39, Michele Neylon - Blacknight wrote:
> John
>
> It also focusses on domain names, whereas a lot of the other numbers
> conflate URLs and domains.
>
Yep Michele,
The graphs of registrations and types of abuse are interesting in that
they track some of the bulk registation patterns in the new gTLDs.
Phishing is a more difficult thing to detect with deep URLs on
compromised sites so it may rely more on reporting than detection. The
logic in the EC report was a bit strange when it came to associating
malware with specifically registered domain names. That would be closer
to spear phishing as the most effective way of distributing malware to a
larger set of victims would be via a compromised popular website with
traffic. (An alternative would be spam carrying the link to a
maliciously registered domain name's website.)
Regards...jmcc
> Michele
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/ <https://www.blacknight.com/>
>
> https://blacknight.blog/ <https://blacknight.blog/>
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Personal blog: https://michele.blog/ <https://michele.blog/>
>
> Some thoughts: https://ceo.hosting/ <https://ceo.hosting/>
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
> *From: *CPWG <cpwg-bounces at icann.org> on behalf of John McCormac via
> CPWG <cpwg at icann.org>
> *Date: *Tuesday, 22 March 2022 at 21:07
> *To: *CPWG <cpwg at icann.org>
> *Subject: *[CPWG] ICANN DNS Abuse report (4 years of data)
>
> [EXTERNAL EMAIL] Please use caution when opening attachments from
> unrecognised sources.
>
> ICANN published a report on DNS Abuse that's one of the most interesting
> of the last few years. It is based on four years of data but it also
> captures things that the EC report completely missed due to its
> extremely narrow timeframe. On page 5 of the ICANN report the change in
> the kind of abusive registrations from October 2017 to February 2022
> shows some kinds of abuse being reduced. This may correlate with a
> decline in bulk registrations.
>
> https://www.icann.org/en/blogs/details/icann-publishes-dns-abuse-trends-22-03-2022-en
> <https://www.icann.org/en/blogs/details/icann-publishes-dns-abuse-trends-22-03-2022-en>
>
> https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief-review-dns-abuse-trends-22mar22-en.pdf
> <https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief-review-dns-abuse-trends-22mar22-en.pdf>
>
> There is an economic effect with some kind of DNS abuse in that low cost
> registration fees enable some kinds of abuse. The SIDN report from a few
> years ago also pointed out that there was a major shift of abusive
> registrations from the legacy gTLDs to the new gTLDs. That coincided
> with heavy discounting in some new gTLDs.
>
> Regards...jmcc
> --
> **********************************************************
> John McCormac * e-mail: jmcc at hosterstats.com
> MC2 * web: http://www.hosterstats.com/
> <http://www.hosterstats.com/>
> 22 Viewmount * Domain Registrations Statistics
> Waterford * Domnomics - the business of domain names
> Ireland * https://amzn.to/2OPtEIO <https://amzn.to/2OPtEIO>
> IE * Skype: hosterstats.com
> **********************************************************
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com <https://www.avg.com>
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> <https://mm.icann.org/mailman/listinfo/cpwg>
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list
> accordance with the ICANN Privacy Policy
> (https://www.icann.org/privacy/policy
> <https://www.icann.org/privacy/policy>) and the website Terms of Service
> (https://www.icann.org/privacy/tos <https://www.icann.org/privacy/tos>).
> You can visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
> Virus-free. www.avg.com
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>
>
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
--
**********************************************************
John McCormac * e-mail: jmcc at hosterstats.com
MC2 * web: http://www.hosterstats.com/
22 Viewmount * Domain Registrations Statistics
Waterford * Domnomics - the business of domain names
Ireland * https://amzn.to/2OPtEIO
IE * Skype: hosterstats.com
**********************************************************
--
This email has been checked for viruses by AVG.
https://www.avg.com
More information about the CPWG
mailing list