Abstract
Threats to the security and availability of the network have contributed to the use of Real-time Blackhole Lists (RBLs) as an attractive method for implementing dynamic filtering and blocking. While RBLs have received considerable study, little is known about the impact of these lists in practice. In this paper, we use nine different RBLs from three different categories to evaluate RBL-tainted traffic at a large regional Internet Service Provider.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, J., Chivukula, A., Bailey, M., Karir, M., Liu, M. (2013). Characterization of Blacklists and Tainted Network Traffic. In: Roughan, M., Chang, R. (eds) Passive and Active Measurement. PAM 2013. Lecture Notes in Computer Science, vol 7799. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36516-4_22
DOI: https://doi.org/10.1007/978-3-642-36516-4_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36515-7
Online ISBN: 978-3-642-36516-4
eBook Packages: Computer Science (R0)