detecting abuse of abandoned internet resources
play

Detecting Abuse of Abandoned Internet Resources Tim Schmidt - PowerPoint PPT Presentation

Feb 05, 2023 •256 likes •553 views

Chair for Network Architectures and Services Technische Universit at M unchen Detecting Abuse of Abandoned Internet Resources Tim Schmidt Betreuer: Dipl. Inf. Johann Schlamp, Dipl. Ing. Quirin Scheitle 12.08.2015 Chair for Network

  1. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Detecting Abuse of Abandoned Internet Resources Tim Schmidt Betreuer: Dipl. Inf. Johann Schlamp, Dipl. Ing. Quirin Scheitle 12.08.2015 Chair for Network Architectures and Services Department of Informatics Technische Universit¨ at M¨ unchen Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 1

  2. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Overview Basics Existing Work RIR Models Timeline & Outlook Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 2

  3. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Overview Basics Existing Work RIR Models Timeline & Outlook Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 3

  4. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Regional Internet Registry (RIR) Manages and assigns Internet Number Resources such as: ◮ IP Address spaces (IPv4 and v6) ◮ AS Numbers Note There are five Regional Internet Registries, compare next slide. Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 4

  5. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Areas of Responsibility Figure: RIR regions 1 1 Source: nro.net Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 5

  6. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Overview Basics Existing Work RIR Models Timeline & Outlook Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 6

  7. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Existing Work Note My work is based on Christian Eckert’s master’s thesis: ”Ein Fruehwarnsystem fuer AS Hijacking” (TUM, 2013) → C. Eckert implemented a parser for RIPE data (dumpfiles) → My implementation uses parts of his code → The TUM Chair for Network Architectures and Services provides dumpfiles for every RIR, updated daily. Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 7

  8. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Detecting Abandoned Resources 1. Domain information 2. Maintainer relations 3. Organisation relations 4. No. of relations Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 8

  9. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Detecting Abandoned Resources 1. Domain information → domain expired? 2. Maintainer relations 3. Organisation relations 4. No. of relations Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 9

  10. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Detecting Abandoned Resources 1. Domain information → domain expired? 2. Maintainer relations → maintainer nonexistent / inactive? 3. Organisation relations 4. No. of relations Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 10

  11. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Detecting Abandoned Resources 1. Domain information → domain expired? 2. Maintainer relations → maintainer nonexistent / inactive? 3. Organisation relations → org. nonexistent / inactive? 4. No. of relations Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 11

  12. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Detecting Abandoned Resources 1. Domain information → domain expired? 2. Maintainer relations → maintainer nonexistent / inactive? 3. Organisation relations → org. nonexistent / inactive? 4. No. of relations → low degree of connectivity? Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 12

  13. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Detecting Abandoned Resources 1. Domain information → domain expired? 2. Maintainer relations → maintainer nonexistent / inactive? 3. Organisation relations → org. nonexistent / inactive? 4. No. of relations → low degree of connectivity? Scoring-System Based on those aspects determine a score for possibility that resource is abandoned and or abused / hijacked. Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 13

  14. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Dumpfile Example: Objects (1) Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 14

  15. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Dumpfile Example: Objects (2) Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 15

  16. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Dumpfile Example: Objects (3) Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 16

  17. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Tasks 1. Analyze and understand the structure of the dump data for all RIRs 2. Map data from the other RIRs to generic data model (based on RIPE) 3. Adapt existing RIPE-parser code to the four remaining RIRs 4. Use the same database format for compatibility: neo4j 5. Evaluate Data based on existing model for abuse detection Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 17

  18. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Overview Basics Existing Work RIR Models Timeline & Outlook Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 18

  19. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen RIPE Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 19

  20. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen APNIC Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 20

  21. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen AFRINIC Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 21

  22. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen LACNIC Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 22

  23. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen ARIN Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 23

  24. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Generic Model Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 24

  25. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen RIR Object types Figure: Number of object types for all RIRs Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 25

  26. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Overview Basics Existing Work RIR Models Timeline & Outlook Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 26

  27. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Timeline Figure: Timeline Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 27

  28. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Outlook What needs to be done: → Feed data to neo4j database Parsed data is already in correct format! → Implement cronjobs for daily parsing / updates → Evaluation Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 28

  29. Chair for Network Architectures and Services Technische Universit¨ at M¨ unchen Any questions? Feel free to ask! Tim Schmidt – Detecting Abuse of Abandoned Internet Resources 29

Recommend

Resources on Substance Use and Abuse in Teens GENERAL INFORMATION ABOUT SUBSTANCE ABUSE AND

Resources on Substance Use and Abuse in Teens GENERAL INFORMATION ABOUT SUBSTANCE ABUSE AND

Resources on Substance Use and Abuse in Teens GENERAL INFORMATION ABOUT SUBSTANCE ABUSE AND PREVENTION: General information and materials from programs about substance abuse. Parentengagementnetwork.org Speak Now Colorado - Age appropriate

165 views • 4 slides
Vacant & Abandoned Buildings What Communities Can Do About Them IAAI/USFA Abandoned Building

Vacant & Abandoned Buildings What Communities Can Do About Them IAAI/USFA Abandoned Building

Vacant & Abandoned Buildings What Communities Can Do About Them IAAI/USFA Abandoned Building Project The "Broken Windows" Theory of Social Disorder From one broken window you can lose a street Vacant or Abandoned? Vacant

564 views • 55 slides
Internet Abuse Identification and personalised withdrawal strategies Submission no:

Internet Abuse Identification and personalised withdrawal strategies Submission no:

Internet Abuse Identification and personalised withdrawal strategies Submission no: 2019-1-UK01-KA204-062021 The European Commission's support for the production of this publication does not constitute an endorsement of the contents, which reflect

422 views • 9 slides
Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet Photos Tobias Weyand, Chih-Yun Tsai, Bastian Leibe Fixing WTFs Poster No. 26 Overview Many Computer Vision Applications use Internet photos,

818 views • 38 slides
Vacant & Abandoned Properties Vacant & Abandoned Properties 1,000 houses in 1,000 days:

Vacant & Abandoned Properties Vacant & Abandoned Properties 1,000 houses in 1,000 days:

Vacant & Abandoned Properties Vacant & Abandoned Properties 1,000 houses in 1,000 days: Community Update D e c e m b e r 7 , 2 0 1 5 Outline Where We Started Reaching 1,000 House Goal Where We Are Today What We

700 views • 25 slides
Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The Internet as a whole is poorly CS 239 measured Advanced Topics in Network And, hence, poorly understood Security No existing network-wide

354 views • 4 slides
Detecting and Localizing Anomalous Behavior to Discover Failures in Component-Based Internet

Detecting and Localizing Anomalous Behavior to Discover Failures in Component-Based Internet

Detecting and Localizing Anomalous Behavior to Discover Failures in Component-Based Internet Services Emre Kcman and Armando Fox {emrek, fox}@cs.stanford.edu 16th December 2003 Abstract mittently unavailable to end-users. Our conversations

804 views • 14 slides
Detecting inconsistencies in INRDB data to identify MOAS cases and possible illegitimate Internet

Detecting inconsistencies in INRDB data to identify MOAS cases and possible illegitimate Internet

Problem: Prefix/ASN Hijacking Research RIPE NCC Data Sources The algorithm: constructing unique trees Results Comments Detecting inconsistencies in INRDB data to identify MOAS cases and possible illegitimate Internet resource usage Peter

702 views • 16 slides
REACHING A CULTURE REACHING A CULTURE THAT HAS THAT HAS ABANDONED SCRIPTURE ABANDONED

REACHING A CULTURE REACHING A CULTURE THAT HAS THAT HAS ABANDONED SCRIPTURE ABANDONED

REACHING A CULTURE REACHING A CULTURE THAT HAS THAT HAS ABANDONED SCRIPTURE ABANDONED SCRIPTURE Acts 17:16-34 IDOLATR IDOLATRY at ATHE Y at ATHE NS S 1. Introduction - Context 2. Inquiries of Intellectuals 17:16-21 a. Initiative of

1.02k views • 39 slides
Expert Briefing: Abandoned Briefing on Abandoned Vessels Vessels Enforcement and Marine Debris

Expert Briefing: Abandoned Briefing on Abandoned Vessels Vessels Enforcement and Marine Debris

Expert Briefing: Abandoned Briefing on Abandoned Vessels Vessels Enforcement and Marine Debris in San April 9, 2014 Francisco Bay at the Bay Planning Coalition March 21, 2013 BCDC Commission Meeting Adrienne Klein, Chief of Enforcement,

593 views • 45 slides
RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny

RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny

RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers (Czerny Andeas) Summery 1. Introduction 2. Keepalives and Heartbeats 3. DPD Protocol 4. Resistance to Replay Attack and False Proof of Liveliness Situation

890 views • 20 slides
12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic graphics 2.Detecting manipulated images Photo manipulation is the application of image editing techniques to photographs in order to create an

306 views • 13 slides
Detecting price and search discrimination on the Internet Jakub Mikians*, Lszl Gyarmati,

Detecting price and search discrimination on the Internet Jakub Mikians*, Lszl Gyarmati,

Detecting price and search discrimination on the Internet Jakub Mikians*, Lszl Gyarmati, Vijay Erramilli, Nikolaos Laoutaris Telefonica Research, *Universitat Politecnica de Catalunya 1 Telefnica Research Customers buy the same product

458 views • 28 slides
Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet

Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet

Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet Measurement Village 2020 Italy, March 11th - 2020 Tales from a mid-pandemic network outage Public 2 ...failure on a foreign network... Source :

591 views • 29 slides
Abandoned Mine Reclamation in Pennsylvania John Stefanko, Deputy Secretary Active and Abandoned

Abandoned Mine Reclamation in Pennsylvania John Stefanko, Deputy Secretary Active and Abandoned

Abandoned Mine Reclamation in Pennsylvania John Stefanko, Deputy Secretary Active and Abandoned Mine Operations Pennsylvania Department of Environmental Protection July 2018 Tom Wolf, Governor Patrick McDonnell, Secretary 1 Coal

406 views • 18 slides
Evaluating Vacant and Abandoned Buildings IAAI/USFA Abandoned Building Project Inspection and

Evaluating Vacant and Abandoned Buildings IAAI/USFA Abandoned Building Project Inspection and

Evaluating Vacant and Abandoned Buildings IAAI/USFA Abandoned Building Project Inspection and Evaluation Determine just what the hazards are Document the findings Use data to determine the proper action for the building 48 MASON

803 views • 57 slides
Detecting Service Violation in Internet and Mobile Ad Hoc Networks Bharat Bhargava CERIAS

Detecting Service Violation in Internet and Mobile Ad Hoc Networks Bharat Bhargava CERIAS

Detecting Service Violation in Internet and Mobile Ad Hoc Networks Bharat Bhargava CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue University bb@cs.purdue.edu Supported by NSF IIS 0209059, NSF IIS 0242840 , NSF

1k views • 97 slides
Detecting the States of Emergency Events Using Web Resources Vijayan Sugumaran, Ph.D.

Detecting the States of Emergency Events Using Web Resources Vijayan Sugumaran, Ph.D.

CENTER FOR DATA SCIENCE SCIENCE Strength in Numbers AND BIG DATA BIG D ANALYTICS Detecting the States of Emergency Events Using Web Resources Vijayan Sugumaran, Ph.D. Department of Decision and Information Sciences School of Business

453 views • 24 slides
Responsible Distribution of Internet Numbering Resources over the Years Prepared by Regional

Responsible Distribution of Internet Numbering Resources over the Years Prepared by Regional

Responsible Distribution of Internet Numbering Resources over the Years Prepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC 27 March 2004 ITU Workshop on Internet Governance, Geneva, Switzerland

681 views • 31 slides
Cloak of Visibility: Detecting When Machines Browse a Different Web Luca Invernizzi *, Kurt

Cloak of Visibility: Detecting When Machines Browse a Different Web Luca Invernizzi *, Kurt

Cloak of Visibility: Detecting When Machines Browse a Different Web Luca Invernizzi *, Kurt Thomas*, Alexandros Kapravelos , Oxana Comanescu*, Jean-Michel Picod*, and Elie Bursztein* * Google - Anti-fraud and abuse research North Carolina

409 views • 30 slides
Statement of Work Statement of Work 1. Classification and analysis of abandoned channel

Statement of Work Statement of Work 1. Classification and analysis of abandoned channel

Restoration of Abandoned Channels Restoration of Abandoned Channels Prepared for KICT, South Korea by Pierre Y. Julien, Ph.D. Seema C. Shah-Fairbank Jaehoon Kim Colorado State University April 2008 Statement of Work Statement of Work 1.

486 views • 10 slides
Substandard, Abandoned, & Foreclosure Properties O F F I CE O F N E I GH B O R H O O D S E

Substandard, Abandoned, & Foreclosure Properties O F F I CE O F N E I GH B O R H O O D S E

Substandard, Abandoned, & Foreclosure Properties O F F I CE O F N E I GH B O R H O O D S E R V I CE S AN D CO D E E N F O R CE M E N T Interactions Substandard, Abandoned, Foreclosure Chronic Nuisance Violence stolen goods,

932 views • 37 slides
Securing Vacant and Abandoned Buildings IAAI/USFA Abandoned Building Project The "Broken

Securing Vacant and Abandoned Buildings IAAI/USFA Abandoned Building Project The "Broken

Securing Vacant and Abandoned Buildings IAAI/USFA Abandoned Building Project The "Broken Windows" Theory of Social Disorder From one broken window, you can lose a street Target Properties Secure and well maintained properties

1.03k views • 58 slides
USCG Sector San Francisco Abandoned Vessels Enforcement April 2014 U.S. Coast Guard Sector San

USCG Sector San Francisco Abandoned Vessels Enforcement April 2014 U.S. Coast Guard Sector San

USCG Sector San Francisco Abandoned Vessels Enforcement April 2014 U.S. Coast Guard Sector San Francisco Abandoned Vessels Abandoned vessel" means any craft designed for navigation that has been moored, stranded, wrecked, sunk, or

391 views • 16 slides

More recommend