ICANN Email Archives: [gnso-ff-pdp-may08]

ICANN ICANN Email List Archives
[gnso-ff-pdp-may08]

<<< Chronological Index >>> <<< Thread Index >>>
RE: [gnso-ff-pdp-may08] fast flux numbers lately

To: "'Martin Hall'" <martinh@xxxxxxxxxxxxxxx>
Subject: RE: [gnso-ff-pdp-may08] fast flux numbers lately
From: "Greg Aaron" <gaaron@xxxxxxxxxxxx>
Date: Wed, 26 Nov 2008 11:51:56 -0500
That is wonderful.  Thanks!


-----Original Message-----
From: Martin Hall [mailto:martinh@xxxxxxxxxxxxxxx] 
Sent: Wednesday, November 26, 2008 11:41 AM
To: gaaron@xxxxxxxxxxxx
Cc: 'Jose Nazario'; 'Dave Piscitello'; 'Fast Flux Workgroup'
Subject: Re: [gnso-ff-pdp-may08] fast flux numbers lately

We're doing a big analytics run on our data right now. That gives us  
exactly the kind of data that you're talking about which I'd planned  
to visually represent in line with Joe's suggestion. I'll share this  
with everyone and perhaps Jose and I can correlate the presentation of  
data so that we have some level of consistency over what we include  
and how we present it.

Martin

On Nov 26, 2008, at 8:31 AM, Greg Aaron wrote:

> Thanks, Jose!  So looks like from May 3 through November 26th, your  
> system
> detected 24,846 FF domains.  Is my total correct?
>
> Do you have breakdowns of the domains by TLD?
>
> There were large spikes on July 3 and October 8.  Do you think those  
> may be
> due to changes in monitoring, or did the bad guys light up tons of  
> domains
> around those dates?
>
> Martin, as you prepare your data set, might it be possible to  
> include in it
> similar metrics, such as # of new fluxing domains discovered by  
> date, and
> breakdowns by TLD?  While Arbor and Karmasphere have differing  
> methods (that
> should be noted), I personally think it would be interesting to be  
> able to
> compare.  Maybe it will show everyone two slices of the entire pie.
>
> Pie...  I must have Thanksgiving on my mind.  Have a good one!
>
> All best,
> --Greg
>
>
>
>
> -----Original Message-----
> From: Jose Nazario [mailto:jose@xxxxxxxxx]
> Sent: Wednesday, November 26, 2008 10:26 AM
> To: Martin Hall
> Cc: gaaron@xxxxxxxxxxxx; Dave Piscitello; Fast Flux Workgroup
> Subject: Re: [gnso-ff-pdp-may08] fast flux numbers lately
>
> these are new fast flux domain name detections by day in ATLAS. it  
> hit its
> stride in may or so, then we expanded to our current scheme for  
> discovery
> (and data inputs) in june.
>
>     cnt date
>      73 2008-03-03
>      23 2008-03-04
>       8 2008-03-05
>       2 2008-03-06
>       7 2008-03-07
>       2 2008-03-08
>       1 2008-03-09
>       3 2008-03-10
>       2 2008-03-11
>       5 2008-03-12
>       1 2008-03-18
>       2 2008-03-19
>       1 2008-03-20
>       3 2008-03-21
>       2 2008-03-24
>       8 2008-03-25
>       1 2008-04-01
>      51 2008-04-04
>      35 2008-04-05
>       3 2008-04-06
>      16 2008-04-07
>      44 2008-04-08
>      31 2008-04-09
>      22 2008-04-10
>       5 2008-04-11
>       2 2008-04-12
>      17 2008-04-13
>      11 2008-04-14
>      47 2008-04-15
>      19 2008-04-22
>      18 2008-04-23
>       5 2008-04-24
>       6 2008-04-25
>       5 2008-04-26
>       4 2008-04-27
>      32 2008-04-28
>       9 2008-04-29
>       9 2008-04-30
>       4 2008-05-01
>       7 2008-05-02
>       6 2008-05-03
>       7 2008-05-04
>       6 2008-05-05
>      17 2008-05-06
>      12 2008-05-07
>       9 2008-05-08
>       8 2008-05-09
>       4 2008-05-10
>       1 2008-05-11
>      13 2008-05-12
>       2 2008-05-13
>       2 2008-05-14
>       2 2008-05-15
>      15 2008-05-16
>      21 2008-05-17
>       3 2008-05-18
>       4 2008-05-19
>       8 2008-05-20
>       3 2008-05-21
>       5 2008-05-22
>       7 2008-05-23
>       5 2008-05-24
>       6 2008-05-25
>       6 2008-05-26
>       8 2008-05-27
>      13 2008-05-28
>      35 2008-05-29
>      14 2008-05-30
>      10 2008-05-31
>      17 2008-06-01
>      28 2008-06-02
>      18 2008-06-03
>      15 2008-06-04
>      41 2008-06-05
>       4 2008-06-06
>       2 2008-06-07
>       4 2008-06-08
>       9 2008-06-09
>       6 2008-06-10
>       6 2008-06-11
>       8 2008-06-12
>       7 2008-06-13
>       7 2008-06-14
>       1 2008-06-15
>      86 2008-06-16
>     471 2008-06-17
>      42 2008-06-18
>      57 2008-06-19
>      70 2008-06-20
>     149 2008-06-21
>     129 2008-06-22
>      78 2008-06-23
>      56 2008-06-24
>      86 2008-06-25
>      66 2008-06-26
>     103 2008-06-27
>      43 2008-06-28
>      17 2008-06-29
>      16 2008-06-30
>      54 2008-07-01
>     405 2008-07-02
>    4050 2008-07-03
>      14 2008-07-04
>      48 2008-07-05
>      77 2008-07-06
>      41 2008-07-07
>      45 2008-07-08
>      56 2008-07-09
>      40 2008-07-10
>      52 2008-07-11
>      53 2008-07-12
>      20 2008-07-13
>      51 2008-07-14
>      61 2008-07-15
>      75 2008-07-16
>      50 2008-07-17
>      80 2008-07-18
>     238 2008-07-19
>      79 2008-07-20
>     274 2008-07-21
>     554 2008-07-22
>     129 2008-07-23
>     147 2008-07-24
>       7 2008-07-28
>      42 2008-08-01
>     475 2008-08-02
>     182 2008-08-03
>     269 2008-08-04
>     446 2008-08-05
>     123 2008-08-06
>     489 2008-08-07
>      26 2008-08-12
>     133 2008-08-13
>     431 2008-08-14
>     178 2008-08-15
>     121 2008-08-16
>      66 2008-08-17
>      77 2008-08-18
>      77 2008-08-19
>     109 2008-08-20
>      63 2008-08-21
>      76 2008-08-22
>      52 2008-08-23
>      70 2008-08-24
>      81 2008-08-25
>      79 2008-08-26
>     113 2008-08-27
>     160 2008-08-28
>     385 2008-08-29
>     215 2008-08-30
>      86 2008-08-31
>      76 2008-09-01
>     103 2008-09-02
>      69 2008-09-03
>      89 2008-09-04
>      46 2008-09-05
>      91 2008-09-06
>      56 2008-09-07
>     116 2008-09-08
>      89 2008-09-09
>     113 2008-09-10
>     108 2008-09-11
>      29 2008-09-12
>      31 2008-09-13
>      15 2008-09-14
>     221 2008-09-15
>      48 2008-09-16
>     185 2008-09-17
>      74 2008-09-18
>     105 2008-09-19
>     102 2008-09-20
>       9 2008-09-21
>      24 2008-09-22
>     145 2008-09-23
>      19 2008-09-24
>      37 2008-09-25
>      49 2008-09-26
>      12 2008-09-27
>       8 2008-09-28
>      49 2008-09-29
>      46 2008-09-30
>      29 2008-10-01
>      17 2008-10-02
>      64 2008-10-03
>     217 2008-10-04
>      29 2008-10-05
>      38 2008-10-06
>      66 2008-10-07
>    3695 2008-10-08
>      38 2008-10-09
>      65 2008-10-10
>      70 2008-10-11
>     514 2008-10-12
>      30 2008-10-13
>      33 2008-10-14
>      69 2008-10-15
>      20 2008-10-16
>      51 2008-10-17
>      18 2008-10-18
>      35 2008-10-19
>      33 2008-10-20
>      28 2008-10-21
>      21 2008-10-22
>      84 2008-10-23
>     108 2008-10-24
>     137 2008-10-25
>     624 2008-10-26
>     324 2008-10-27
>     109 2008-10-28
>     326 2008-10-29
>     313 2008-10-30
>     247 2008-10-31
>     217 2008-11-01
>      36 2008-11-02
>      56 2008-11-03
>      39 2008-11-04
>      58 2008-11-05
>     114 2008-11-06
>      44 2008-11-07
>      33 2008-11-08
>     132 2008-11-09
>     135 2008-11-10
>     109 2008-11-11
>       6 2008-11-12
>      36 2008-11-13
>      21 2008-11-14
>      92 2008-11-15
>      18 2008-11-16
>      22 2008-11-17
>      16 2008-11-18
>      20 2008-11-19
>      18 2008-11-20
>      31 2008-11-21
>      44 2008-11-22
>       8 2008-11-23
>      73 2008-11-24
>      50 2008-11-25
>      38 2008-11-26
>
> -- 
> -------------------------------------------------------------
> jose nazario, ph.d.           <jose@xxxxxxxxx>
> manager of security research  arbor networks
> v: (734) 821 1427             http://asert.arbornetworks.com/
>
>

--
Martin Hall
skype: martin-hall
+1-408-838-2890
References:
- Re: [gnso-ff-pdp-may08] fast flux numbers lately
  - From: Martin Hall
<<< Chronological Index >>> <<< Thread Index >>>
Privacy Policy | Terms of Service | Cookies Policy