<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [gnso-ff-pdp-may08] fast flux numbers lately
- To: <gaaron@xxxxxxxxxxxx>
- Subject: Re: [gnso-ff-pdp-may08] fast flux numbers lately
- From: Martin Hall <martinh@xxxxxxxxxxxxxxx>
- Date: Wed, 26 Nov 2008 08:41:18 -0800
We're doing a big analytics run on our data right now. That gives us
exactly the kind of data that you're talking about which I'd planned
to visually represent in line with Joe's suggestion. I'll share this
with everyone and perhaps Jose and I can correlate the presentation of
data so that we have some level of consistency over what we include
and how we present it.
Martin
On Nov 26, 2008, at 8:31 AM, Greg Aaron wrote:
Thanks, Jose! So looks like from May 3 through November 26th, your
system
detected 24,846 FF domains. Is my total correct?
Do you have breakdowns of the domains by TLD?
There were large spikes on July 3 and October 8. Do you think those
may be
due to changes in monitoring, or did the bad guys light up tons of
domains
around those dates?
Martin, as you prepare your data set, might it be possible to
include in it
similar metrics, such as # of new fluxing domains discovered by
date, and
breakdowns by TLD? While Arbor and Karmasphere have differing
methods (that
should be noted), I personally think it would be interesting to be
able to
compare. Maybe it will show everyone two slices of the entire pie.
Pie... I must have Thanksgiving on my mind. Have a good one!
All best,
--Greg
-----Original Message-----
From: Jose Nazario [mailto:jose@xxxxxxxxx]
Sent: Wednesday, November 26, 2008 10:26 AM
To: Martin Hall
Cc: gaaron@xxxxxxxxxxxx; Dave Piscitello; Fast Flux Workgroup
Subject: Re: [gnso-ff-pdp-may08] fast flux numbers lately
these are new fast flux domain name detections by day in ATLAS. it
hit its
stride in may or so, then we expanded to our current scheme for
discovery
(and data inputs) in june.
cnt date
73 2008-03-03
23 2008-03-04
8 2008-03-05
2 2008-03-06
7 2008-03-07
2 2008-03-08
1 2008-03-09
3 2008-03-10
2 2008-03-11
5 2008-03-12
1 2008-03-18
2 2008-03-19
1 2008-03-20
3 2008-03-21
2 2008-03-24
8 2008-03-25
1 2008-04-01
51 2008-04-04
35 2008-04-05
3 2008-04-06
16 2008-04-07
44 2008-04-08
31 2008-04-09
22 2008-04-10
5 2008-04-11
2 2008-04-12
17 2008-04-13
11 2008-04-14
47 2008-04-15
19 2008-04-22
18 2008-04-23
5 2008-04-24
6 2008-04-25
5 2008-04-26
4 2008-04-27
32 2008-04-28
9 2008-04-29
9 2008-04-30
4 2008-05-01
7 2008-05-02
6 2008-05-03
7 2008-05-04
6 2008-05-05
17 2008-05-06
12 2008-05-07
9 2008-05-08
8 2008-05-09
4 2008-05-10
1 2008-05-11
13 2008-05-12
2 2008-05-13
2 2008-05-14
2 2008-05-15
15 2008-05-16
21 2008-05-17
3 2008-05-18
4 2008-05-19
8 2008-05-20
3 2008-05-21
5 2008-05-22
7 2008-05-23
5 2008-05-24
6 2008-05-25
6 2008-05-26
8 2008-05-27
13 2008-05-28
35 2008-05-29
14 2008-05-30
10 2008-05-31
17 2008-06-01
28 2008-06-02
18 2008-06-03
15 2008-06-04
41 2008-06-05
4 2008-06-06
2 2008-06-07
4 2008-06-08
9 2008-06-09
6 2008-06-10
6 2008-06-11
8 2008-06-12
7 2008-06-13
7 2008-06-14
1 2008-06-15
86 2008-06-16
471 2008-06-17
42 2008-06-18
57 2008-06-19
70 2008-06-20
149 2008-06-21
129 2008-06-22
78 2008-06-23
56 2008-06-24
86 2008-06-25
66 2008-06-26
103 2008-06-27
43 2008-06-28
17 2008-06-29
16 2008-06-30
54 2008-07-01
405 2008-07-02
4050 2008-07-03
14 2008-07-04
48 2008-07-05
77 2008-07-06
41 2008-07-07
45 2008-07-08
56 2008-07-09
40 2008-07-10
52 2008-07-11
53 2008-07-12
20 2008-07-13
51 2008-07-14
61 2008-07-15
75 2008-07-16
50 2008-07-17
80 2008-07-18
238 2008-07-19
79 2008-07-20
274 2008-07-21
554 2008-07-22
129 2008-07-23
147 2008-07-24
7 2008-07-28
42 2008-08-01
475 2008-08-02
182 2008-08-03
269 2008-08-04
446 2008-08-05
123 2008-08-06
489 2008-08-07
26 2008-08-12
133 2008-08-13
431 2008-08-14
178 2008-08-15
121 2008-08-16
66 2008-08-17
77 2008-08-18
77 2008-08-19
109 2008-08-20
63 2008-08-21
76 2008-08-22
52 2008-08-23
70 2008-08-24
81 2008-08-25
79 2008-08-26
113 2008-08-27
160 2008-08-28
385 2008-08-29
215 2008-08-30
86 2008-08-31
76 2008-09-01
103 2008-09-02
69 2008-09-03
89 2008-09-04
46 2008-09-05
91 2008-09-06
56 2008-09-07
116 2008-09-08
89 2008-09-09
113 2008-09-10
108 2008-09-11
29 2008-09-12
31 2008-09-13
15 2008-09-14
221 2008-09-15
48 2008-09-16
185 2008-09-17
74 2008-09-18
105 2008-09-19
102 2008-09-20
9 2008-09-21
24 2008-09-22
145 2008-09-23
19 2008-09-24
37 2008-09-25
49 2008-09-26
12 2008-09-27
8 2008-09-28
49 2008-09-29
46 2008-09-30
29 2008-10-01
17 2008-10-02
64 2008-10-03
217 2008-10-04
29 2008-10-05
38 2008-10-06
66 2008-10-07
3695 2008-10-08
38 2008-10-09
65 2008-10-10
70 2008-10-11
514 2008-10-12
30 2008-10-13
33 2008-10-14
69 2008-10-15
20 2008-10-16
51 2008-10-17
18 2008-10-18
35 2008-10-19
33 2008-10-20
28 2008-10-21
21 2008-10-22
84 2008-10-23
108 2008-10-24
137 2008-10-25
624 2008-10-26
324 2008-10-27
109 2008-10-28
326 2008-10-29
313 2008-10-30
247 2008-10-31
217 2008-11-01
36 2008-11-02
56 2008-11-03
39 2008-11-04
58 2008-11-05
114 2008-11-06
44 2008-11-07
33 2008-11-08
132 2008-11-09
135 2008-11-10
109 2008-11-11
6 2008-11-12
36 2008-11-13
21 2008-11-14
92 2008-11-15
18 2008-11-16
22 2008-11-17
16 2008-11-18
20 2008-11-19
18 2008-11-20
31 2008-11-21
44 2008-11-22
8 2008-11-23
73 2008-11-24
50 2008-11-25
38 2008-11-26
--
-------------------------------------------------------------
jose nazario, ph.d. <jose@xxxxxxxxx>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
--
Martin Hall
skype: martin-hall
+1-408-838-2890
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|