RE: [gnso-ff-pdp-may08] fast flux numbers lately

["Greg Aaron" <gaaron@xxxxxxxxxxxx>]

Dear Jose and Martin:

Attached is a spreadsheet with raw stats, for your use.  Martin, please let
me know if you saw any TLD that Jose did not, and I can try to get those
registration numbers.

There are some TLDs I can't obtain stats for; they have been left blank.

All best,
--Greg



-----Original Message-----
From: jose nazario [mailto:jose@xxxxxxxxx] 
Sent: Thursday, November 27, 2008 1:34 AM
To: gaaron@xxxxxxxxxxxx; 'Martin Hall'
Cc: 'Dave Piscitello'; 'Fast Flux Workgroup'
Subject: Re: [gnso-ff-pdp-may08] fast flux numbers lately

On 11/26/08 11:31 AM, "Greg Aaron" <gaaron@xxxxxxxxxxxx> wrote:

> Do you have breakdowns of the domains by TLD?

I do!

  16745 com
   6393 cn
    470 net
    399 org
    177 uk
    155 ru
     86 tk
     73 COM
     52 su
     38 biz
     34 mobi
     25 in
     25 eu
     22 name
     22 cc
     16 tv
     15 ws
     14 info
     14 bz
     13 kg
     13 jp
     12 us
     12 gs
     10 be
      7 me
      7 es
      6 md
      6 ca
      6 asia
      5 st
      5 ec
      4 ph
      3 tw
      3 cz
      2 at
      1 ua
      1 li
      1 it
      1 fr
      1 ch


This is even broader than this summer when thorsten and I did our paper.
Sheesh. 

> There were large spikes on July 3 and October 8.  Do you think those may
be
> due to changes in monitoring, or did the bad guys light up tons of domains
> around those dates?

Changes in monitoring/massive data imports etc. major finds by some people.
Do not take it as "wow the bad guys went ape* on those days!".

Hope this helps.

-------------------------------------------------------------
jose nazario, ph.d.  <jose@xxxxxxxxx>
Arbor Networks      www.arbornetworks.com
v: (734) 821 1427
PGP: 0x40A7BF94
-------------------------------------------------------------

Attachment: FF stats by TLD.xls
Description: MS-Excel spreadsheet