On the Effects of Registrar-level Intervention

He Liu, Kirill Levchenko, Márk Félegyházi, Christian Kreibich, Gregor Maier, Geoffrey M. Voelker, Stefan Savage

Research output: Contribution to conferencePaper

Abstract

Virtually all Internet scams make use of domain name resolution as a critical part of their execution (e.g., resolving a spam-advertised URL to its Web site). Consequently, defenders have initiated a range of efforts to intervene within the DNS ecosystem to block such activity (e.g., by blacklisting “known bad” domain names at the client). Recently, there has been a push for domain registrars to take a more active role in this conflict, and it is this class of intervention that is the focus of our work. In particular, this paper characterizes the impact of two recent efforts to counter scammers’ use of domain registration: CNNIC’s blanket policy changes for the .cn ccTLD made in late 2009 and the late 2010 agreement between eNom and LegitScript to reactively take down “rogue” Internet pharmacy domains. Using a combination of historic WHOIS data and co-temporal spam feeds, we measure the impact of these interventions on both the registration and use of spam-advertised domains. We use these examples to illustrate the key challenges in making registrar-level intervention an effective tool.

Original languageEnglish (US)
StatePublished - 2011
Externally publishedYes
Event4th USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2011 - Boston, United States
Duration: Mar 29 2011 → …

Conference

Conference4th USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2011
CountryUnited States
CityBoston
Period3/29/11 → …

ASJC Scopus subject areas

  • Information Systems
  • Artificial Intelligence
  • Computer Science Applications

Fingerprint Dive into the research topics of 'On the Effects of Registrar-level Intervention'. Together they form a unique fingerprint.

  • Cite this

    Liu, H., Levchenko, K., Félegyházi, M., Kreibich, C., Maier, G., Voelker, G. M., & Savage, S. (2011). On the Effects of Registrar-level Intervention. Paper presented at 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2011, Boston, United States.