Hi, this is Leigh Metcalf with my colleague Jonathan Spring. In 2011, .co.cc and .co.tv were removed from Google's search results because of the high incidence of malicious domains (.cc is the TLD for the Cocos Islands and .tv is the TLD for Tuvalu). Neither of these domains is an official TLD of its respective country of origin, but is a zone in which the owner happens to make single subdomains freely available and charge a nominal fee for bulk registrations. Similarly, an APWG report for the second half of 2011 lists .tk, the TLD of the island of Tokelau, as the most common TLD used in phishing attacks. It also permits free domain registration.
Hi, this is Vijay Sarvepalli, Security Solutions Engineer in the CERT Program. Today, whether you're shopping for a new house or trying to find a babysitter, you end up using Google Maps or a similar service to assist your decision making. In this blog post, I discuss GeoIP capabilities that can be built into your SOC to provide a spatial view of your network threats and how this view can help your network situational awareness.
Hi, this is Leigh Metcalf with my colleague Jonathan Spring. Here is a look at second level domain (SLD) usage in 2012 for the most common generic Top Level Domains (gTLDs): biz, com, info, mobi, net, and org. We used two data sources: (1) the master zone files (RFC 1035 sec. 5) and (2) the SIE (http://sie.isc.org), a passive DNS data source. From these sources we examined three features of global gTLD usage--the number registered, the number active, and the ratio.
Hi, this is Leigh Metcalf again with my colleague Rhiannon Weaver. IPv6, the replacement for IPv4, has been heavily marketed. To consider exactly how popular IPv6 is on the internet, one method is to examine the number of autonomous systems (ASes) that announce IPv6.
In my previous post, I examined the total amount of IPv4 space announced and presented cumulative graphics. While this view is useful in determining how much IPv4 space is announced, it doesn't say much about which IPv4 space is announced.
Hi, this is Leigh Metcalf of the Network Situational Awareness Team. Recently, I have been considering the amount of IPv4 space that is announced on the Internet. All blocks have been allocated, but how many are actually being used? To investigate this, I examined the routing tables to determine which networks were announced on the internet as usable from January 1, 2009 through December 31, 2012.
Hello, this is Leigh Metcalf of the CERT Network Situational Awareness (NetSA) Team. Timur Snoke and I have discovered some interesting results in our continuing examination of the public Domain Name System (DNS). Our work has been focusing on domains that change their name servers frequently.
On behalf of the real author, my colleague David Svoboda (and a couple others who work on the CERT Secure Coding Initiative), here's a post analyzing recent Java exploits.