June 2, 2023

Technical Resources for Combating DNS Abuse

Student or man use computer for elearning, education online, Internet Technology webinar, Online courses, Online seminar, meeting, research, study, and knowledge database. study lessons on Internet,

The NetBeacon Institute serves as a resource for all interested stakeholders fighting DNS Abuse, whether they are registries, registrars, security researchers, or any other interested party. The following content serves as a reference to technical tools and links to additional resources.

ICANN’s Domain Abuse Activity Reporting Tool

As ICANN describes it, “The overarching purpose of DAAR is to develop a robust, reliable, reproducible, and replicable methodology for analyzing security threat activity that can then be later used by the ICANN community to facilitate informed policy decisions.” DAAR “identifies and tracks domain names identified as threats to the security of the domain name ecosystem, known as DNS Abuse.” Since 2018, ICANN has published monthly DAAR reports that summarize the scope of DNS Abuse identified across gTLDs. Those reports are available here.

Anti-Phishing Working Group (APWG) Phishing Activity Trends Report

The APWG publishes a quarterly update on observed phishing activity reported by its member organizations, partners, and third-parties. The current quarterly phishing report and prior reports are available here.

FIRST Best Practice Library

FIRST is the Forum of Incident Response and Security Teams. FIRST maintains its Best Practice Library “to assist FIRST Team Members and the public in general in configuring their systems securely by providing configuration templates and security guidelines.” The FIRST Best Practice Library is available here.

M3AAWG Resources

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) strives “to work against botnets, malware, spam, viruses, DoS attacks and other online exploitation.” M3AAWG maintains a series of its best practices, available here.

Spamhaus Botnet Threat Reports

The Spamhaus Project “is an international nonprofit organization that tracks spam and related cyber threats such as phishing, malware and botnets”. Spamhaus publishes Quarterly Botnet Threat Report describing trends and data in observed incidences of botnets.