14,952
edits
Changes
Jump to navigation
Jump to search
Created page with "'''Domain Abuse Activity Reporting (DAAR)''' is a system for studying and reporting on domain name registration and DNS Abuse. The aim of the DAAR project is to develop a..."
'''Domain Abuse Activity Reporting (DAAR)''' is a system for studying and reporting on domain name registration and [[DNS Abuse]]. The aim of the DAAR project is to develop a methodology for analyzing security threats to inform ICANN policy decisions.<ref>[https://www.icann.org/octo-ssr/daar DAAR, OCTO, ICANN]</ref>
==Process==
DAAR collects [[TLD]] zone data and complements them with third-party [[Reputation Block List]]s based on crowdsourcing, spam filters, and honeypots that have identified [[Phishing]], [[Malware]], [[Spam]], and [[Botnet Attacks]]. The [[iThreat Cyber Group]] (ICG) collects and reports to DAAR three data sets.<ref>[https://www.icann.org/en/system/files/files/daar-monthly-report-04feb19-en.pdf Understanding the DAAR Monthly Report]</ref>
===Zone Data===
# Top-Level Domain Zone Data (through ICANN’s [[Centralized Zone Data Service]]<ref>[https://www.icann.org/octo-ssr/daar-faqs/#reputation DAAR FAQs]</ref>
# Sponsoring Registrar Registration Data (contractually mandated for gTLDs and volunteered by [[ccTLDs]]), and
# Domain Reputation Data
===Reputation Data Sources===
# [[SURBL]]
# [[Spamhaus]]
# [[Anti-Phishing Working Group]]
# [[PhishTank]]
# [[Malware Patrol]]
# [[Abuse.ch]]
==Reporting==
DAAR data are currently released to registries via ICANN's Service Level Agreement Monitoring ([[SLAM]]) system and shared in monthly reports with a median aggregate, aggregated statistics, and time-series analyses.
==Critiques==
At [[ICANN 71]], several issues were raised during the discussion on RBLs and, by extension DAAR. They included that:
# Neither DAAR nor the RBLs distinguish between maliciously registered and compromised domains;
# DAAR does not address mitigation or reflect how quickly abuse is addressed;
# Not immediately up-to-date;
# Concerns over the inclusion of content-based complaints (see also Bambenek's 2018 validation report,<ref>[https://www.icann.org/en/system/files/files/bambenek-daar-validation-review-report-20jul18-en.pdf Bambenek DAAR Validation Report 2018]</ref>, which also mentioned the outsized impact of activity on small registars' risk scores); and
# False positives.
==References==
==Process==
DAAR collects [[TLD]] zone data and complements them with third-party [[Reputation Block List]]s based on crowdsourcing, spam filters, and honeypots that have identified [[Phishing]], [[Malware]], [[Spam]], and [[Botnet Attacks]]. The [[iThreat Cyber Group]] (ICG) collects and reports to DAAR three data sets.<ref>[https://www.icann.org/en/system/files/files/daar-monthly-report-04feb19-en.pdf Understanding the DAAR Monthly Report]</ref>
===Zone Data===
# Top-Level Domain Zone Data (through ICANN’s [[Centralized Zone Data Service]]<ref>[https://www.icann.org/octo-ssr/daar-faqs/#reputation DAAR FAQs]</ref>
# Sponsoring Registrar Registration Data (contractually mandated for gTLDs and volunteered by [[ccTLDs]]), and
# Domain Reputation Data
===Reputation Data Sources===
# [[SURBL]]
# [[Spamhaus]]
# [[Anti-Phishing Working Group]]
# [[PhishTank]]
# [[Malware Patrol]]
# [[Abuse.ch]]
==Reporting==
DAAR data are currently released to registries via ICANN's Service Level Agreement Monitoring ([[SLAM]]) system and shared in monthly reports with a median aggregate, aggregated statistics, and time-series analyses.
==Critiques==
At [[ICANN 71]], several issues were raised during the discussion on RBLs and, by extension DAAR. They included that:
# Neither DAAR nor the RBLs distinguish between maliciously registered and compromised domains;
# DAAR does not address mitigation or reflect how quickly abuse is addressed;
# Not immediately up-to-date;
# Concerns over the inclusion of content-based complaints (see also Bambenek's 2018 validation report,<ref>[https://www.icann.org/en/system/files/files/bambenek-daar-validation-review-report-20jul18-en.pdf Bambenek DAAR Validation Report 2018]</ref>, which also mentioned the outsized impact of activity on small registars' risk scores); and
# False positives.
==References==