Characterization of Blacklists and Tainted Network Traffic

  • Jing Zhang
  • Ari Chivukula
  • Michael Bailey
  • Manish Karir
  • Mingyan Liu
Conference paper
Part of the Lecture Notes in Computer Science book series (volume 7799)

Abstract

Threats to the security and availability of the network have contributed to the use of Real-time Blackhole Lists (RBLs) as an attractive method for implementing dynamic filtering and blocking. While RBLs have received considerable study, little is known about the impact of these lists in practice. In this paper, we use nine different RBLs from three different categories to perform the evaluation of RBL tainted traffic at a large regional Internet Service Provider.

References

  1. 1.
  2. 2.
    Barracuda reputation blocklist, http://www.barracudacentral.org/
  3. 3.
    Cbl: Composite blocking list, http://cbl.abuseat.org/
  4. 4.
  5. 5.
    HpHosts for your pretection, http://hosts-file.net/
  6. 6.
    Internet has a garbage problem, researcher says, http://www.pcworld.com/article/144006/article.html
  7. 7.
  8. 8.
    Merit Network INC, http://www.merit.edu/
  9. 9.
  10. 10.
    PREDICT: Protected Repository for the Defense of Infrastructure Against Cyber Threats, https://www.predict.org/
  11. 11.
    SURBL: URL Reputation Data, http://www.surbl.org/
  12. 12.
    Uceprotector network, http://www.uceprotect.net/
  13. 13.
    Wpbl: Weighted private block list, http://www.wpbl.info/
  14. 14.
    Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a Dynamic Reputation System for DNS. In: USENIX Security Symposium, pp. 273–290 (2010)Google Scholar
  15. 15.
    Esquivel, H., Akella, A., Mori, T.: On the effectiveness of IP reputation for spam filtering. In: Proceedings of COMSNETS 2010, pp. 1–10 (2010)Google Scholar
  16. 16.
    Cisco Systems Inc. SpamCop Blocking List (SCBL), http://www.spamcop.net/
  17. 17.
    Jung, J., Sit, E.: An empirical study of spam traffic and the use of DNS black lists. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 370–375. ACM, New York (2004)CrossRefGoogle Scholar
  18. 18.
    Creyts, K., Karir, M., Mentley, N.: Towards network reputation - analyzing the makeup of rbls (June 2011)Google Scholar
  19. 19.
    Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. In: Proceedings of SIGCOMM 2006, pp. 291–302 (2006)Google Scholar
  20. 20.
    Ramachandran, A., Feamster, N., Vempala, S.: Filtering spam with behavioral blacklisting. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)Google Scholar
  21. 21.
    Team Cymru Community Services. IP to ASN Mapping, http://www.team-cymru.org/Services/ip-to-asn.html
  22. 22.
    Shue, C.A., Kalafut, A.J., Gupta, M.: Abnormally malicious autonomous systems and their internet connectivity. IEEE/ACM Trans. Netw. 20(1), 220–230 (2012)CrossRefGoogle Scholar
  23. 23.
    Sinha, S., Bailey, M., Jahanian, F.: Shades of Grey: On the Effectiveness of Reputation-based ”blacklists”. In: Proceedings of MALWARE 2008, pp. 57–64 (October 2008)Google Scholar
  24. 24.
    Venkataraman, S., Sen, S., Spatscheck, O., Haffner, P., Song, D.: Exploiting network structure for proactive spam mitigation. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium. USENIX Association (2007)Google Scholar
  25. 25.
    Xie, Y., Yu, F., Achan, K., Gillum, E., Goldszmidt, M., Wobber, T.: How dynamic are ip addresses? In: Proceedings of SIGCOMM 2007, pp. 301–312 (2007)Google Scholar
  26. 26.
    Zhang, J., Porras, P., Ullrich, J.: Highly Predictive Blacklisting. In: Usenix Security (August 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jing Zhang
    • 1
  • Ari Chivukula
    • 1
  • Michael Bailey
    • 1
  • Manish Karir
    • 2
  • Mingyan Liu
    • 1
  1. 1.University of MichiganAnn ArborUSA
  2. 2.Department of Homeland SecurityCyber Security DivisionWashington DCUSA

Personalised recommendations