Been away, trying to catch up - saw this note about IP blocked lists

Been away, trying to catch up

Sorry if this has already gone around, thought that this was an
interesting evolution of capability. Reviewing against user agent
efforts.

http://www.honeynet.org/papers/ff/index.html

"ADVANTAGES FOR THE ATTACKER

"Traditional" cyber-crime activities such as phishing typically require
an attacker to compromise one or more victim computer systems (either
individually or via mass auto-rooters) and establish a fake or
fraudulent web site. Content would then be advertised to victims either
by mass emailing or more targeted marketing (spear phishing), often
through other compromised computer systems and botnets. The computer
systems hosting the malicious content would be identified either by
public DNS name or directly by IP address embedded within the email
lure messages.  These types of scams are identified relatively quickly
by security professionals and can be quickly shut down. As the average
time of survival was reduced for these phishing websites, criminals
began to add additional layers of protection, such as server address
obfuscation or utilize groups of proxy servers to redirect network.
Such systems are limited in scale and can still be tracked down fairly
quickly with international co-operation. We are now seeing the next
evolutionary step, the fast-flux network. In the end, it's all about
Return on Investment (ROI) for the criminals, and fast-flux service
networks provide a reliable way to maximize the returns on their
criminal activities for relatively low effort.  Fast-flux service
networks offer three major advantages to operators of Internet based
criminal activity."  


Bill D.

Received on Tuesday, 24 July 2007 17:10:57 UTC