ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]

<<< Chronological Index >>>    <<< Thread Index >>>

[gnso-ff-pdp-may08] Introduction and Statement of Interest: Jose Nazario (Arbor Networks)

  • To: <gnso-ff-pdp-may08@xxxxxxxxx>
  • Subject: [gnso-ff-pdp-may08] Introduction and Statement of Interest: Jose Nazario (Arbor Networks)
  • From: jose nazario <jose@xxxxxxxxx>
  • Date: Tue, 07 Oct 2008 16:54:12 -0400
Hi Folks

New to the list, thank you Glen and others for inviting me. Below is my
statement of interest in tackling the fast flux problem:

October 2008

I am the Manager of Security Research at Arbor Networks. Arbor Networks is a
supplier of networking and security products to many of the largest ISPs,
critical infrastructure operators, and hosting providers on the Internet.
Arbor products are used by our customers to protect their own networks as
well as their customers from threats such as denial of service and botnets.

As the Manager of Security Research at Arbor Networks my responsibilities
are to develop new detection tools and products to support our products and
our customers. We have been targeting the botnet problem for several years,
and developed fast flux botnet detection and enumeration tools earlier this
year for integration into our ATLAS product and data feeds.

We conduct ongoing research into the scope and impact of fast flux botnets
to identify infected hosts and malicious activities. Some of these findings
have been shared with groups such as MAAWG and FIRST, as well as the ICANN
SSAC. We share this data with customers and the Internet security community.
We also share this data with several registrars, and actively seek to share
our daily findings with more registrars.

Our interests at Arbor are in stopping the botnet problem at the root, and
this includes shutting down fast flux networks. We hope to facilitate this
resolution by working with the GNSO fast flux working group.



My current work on fast flux is visible here, in a research paper just
released and an ongoing report in our ATLAS system:

    http://honeyblog.org/junkyard/paper/fastflux-malware08.pdf
    http://atlas.arbor.net/summary/fastflux

I look forward to working with the group here in addressing this problem.

-- jose

-------------------------------------------------------------
jose nazario, ph.d.  <jose@xxxxxxxxx>
security researcher, office of the CTO
Arbor Networks
v: (734) 821 1427
PGP: 0x40A7BF94
www.arbornetworks.com
-------------------------------------------------------------
<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy