Difference between revisions of "Domain Abuse Activity Reporting"
Jump to navigation
Jump to search
m (Jessica moved page DAAR to Domain Abuse Activity Reporting) |
|||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | '''Domain Abuse Activity Reporting (DAAR)''' is a system for studying and reporting on domain name registration and [[DNS Abuse]]. The aim of the DAAR project is to develop a methodology for analyzing security threats to inform ICANN policy decisions.<ref>[https://www.icann.org/octo-ssr/daar DAAR, OCTO, ICANN]</ref> | + | '''Domain Abuse Activity Reporting (DAAR)''' is a system for studying and reporting on domain name registration and [[DNS Abuse]]. The aim of the DAAR project is to develop a methodology for analyzing security threats to inform [[ICANN]] policy decisions.<ref>[https://www.icann.org/octo-ssr/daar DAAR, OCTO, ICANN]</ref> |
==Process== | ==Process== | ||
| − | DAAR collects [[TLD]] zone data and complements them with third-party [[Reputation Block List]]s based on crowdsourcing, spam filters, and | + | DAAR collects [[TLD]] zone data and complements them with third-party [[RBL|Reputation Block List]]s based on crowdsourcing, spam filters, and [[Honeypot]]s that have identified [[Phishing]], [[Malware]], [[Spam]], and [[Botnet Attacks]]. The [[iThreat Cyber Group]] (ICG) collects and reports to DAAR three data sets.<ref>[https://www.icann.org/en/system/files/files/daar-monthly-report-04feb19-en.pdf Understanding the DAAR Monthly Report]</ref> |
===Zone Data=== | ===Zone Data=== | ||
| − | # Top-Level Domain Zone Data (through ICANN’s [[Centralized Zone Data Service]]<ref>[https://www.icann.org/octo-ssr/daar-faqs/#reputation DAAR FAQs]</ref> | + | # Top-Level Domain Zone Data (through ICANN’s [[Centralized Zone Data Service]])<ref>[https://www.icann.org/octo-ssr/daar-faqs/#reputation DAAR FAQs]</ref> |
# Sponsoring Registrar Registration Data (contractually mandated for gTLDs and volunteered by [[ccTLDs]]), and | # Sponsoring Registrar Registration Data (contractually mandated for gTLDs and volunteered by [[ccTLDs]]), and | ||
# Domain Reputation Data | # Domain Reputation Data | ||
| Line 18: | Line 18: | ||
==Reporting== | ==Reporting== | ||
| − | DAAR data are currently released to registries via ICANN's Service Level Agreement Monitoring ([[SLAM]]) system and shared in monthly reports with a median aggregate, aggregated statistics, and time-series analyses. | + | ===For gTLDs=== |
| + | DAAR data are currently released to registries via ICANN's [https://www.icann.org/news/multimedia/2801 Service Level Agreement Monitoring] ([[SLAM]]) system and shared in [https://www.icann.org/octo-ssr/daar monthly reports] with a median aggregate, aggregated statistics, and time-series analyses. | ||
| + | ===For ccTLDs=== | ||
| + | In January 2021, DAAR began providing personalized monthly reports for [[ccTLD]]s.<ref>[https://www.icann.org/en/blogs/details/daar-activity-project-now-providing-personalized-monthly-reports-for-cctlds-20-1-2021-en DAAR Reports for ccTLDs begins, ICANN Blog]</ref> | ||
==Critiques== | ==Critiques== | ||
| Line 25: | Line 28: | ||
# DAAR does not address mitigation or reflect how quickly abuse is addressed; | # DAAR does not address mitigation or reflect how quickly abuse is addressed; | ||
# Not immediately up-to-date; | # Not immediately up-to-date; | ||
| − | # Concerns over the inclusion of content-based complaints (see also Bambenek's 2018 validation report,<ref>[https://www.icann.org/en/system/files/files/bambenek-daar-validation-review-report-20jul18-en.pdf Bambenek DAAR Validation Report 2018]</ref> | + | # Concerns over the inclusion of content-based complaints (see also Bambenek's 2018 validation report,<ref>[https://www.icann.org/en/system/files/files/bambenek-daar-validation-review-report-20jul18-en.pdf Bambenek DAAR Validation Report 2018]</ref> which also mentioned the outsized impact of activity on small registars' risk scores); and |
# False positives. | # False positives. | ||
==References== | ==References== | ||
| + | |||
| + | [[Category:ICANN Tools]] | ||
| + | [[Category:DNS Abuse Responses]] | ||
Latest revision as of 20:17, 4 November 2021
Domain Abuse Activity Reporting (DAAR) is a system for studying and reporting on domain name registration and DNS Abuse. The aim of the DAAR project is to develop a methodology for analyzing security threats to inform ICANN policy decisions.[1]
Process
DAAR collects TLD zone data and complements them with third-party Reputation Block Lists based on crowdsourcing, spam filters, and Honeypots that have identified Phishing, Malware, Spam, and Botnet Attacks. The iThreat Cyber Group (ICG) collects and reports to DAAR three data sets.[2]
Zone Data
- Top-Level Domain Zone Data (through ICANN’s Centralized Zone Data Service)[3]
- Sponsoring Registrar Registration Data (contractually mandated for gTLDs and volunteered by ccTLDs), and
- Domain Reputation Data
Reputation Data Sources
Reporting
For gTLDs
DAAR data are currently released to registries via ICANN's Service Level Agreement Monitoring (SLAM) system and shared in monthly reports with a median aggregate, aggregated statistics, and time-series analyses.
For ccTLDs
In January 2021, DAAR began providing personalized monthly reports for ccTLDs.[4]
Critiques
At ICANN 71, several issues were raised during the discussion on RBLs and, by extension DAAR. They included that:
- Neither DAAR nor the RBLs distinguish between maliciously registered and compromised domains;
- DAAR does not address mitigation or reflect how quickly abuse is addressed;
- Not immediately up-to-date;
- Concerns over the inclusion of content-based complaints (see also Bambenek's 2018 validation report,[5] which also mentioned the outsized impact of activity on small registars' risk scores); and
- False positives.