[dns-operations] Operational Research Data from Internet NAmespace Logs (ORDINAL) Dataset

Jeff Schmidt jschmidt at jasadvisors.com
Fri Mar 9 20:47:15 UTC 2018

Hello DNS Researchers:

Many of you have heard about the data we are collecting on DNS namespace collisions (I've done brief presentations in several spots) but I wanted to share with this list as well.  JAS is collecting data on roughly 50 colliding domains we've licensed and purchased and making the data available to researchers through DHS' IMPACT program.  

My purpose in collecting this data is to:

* Raise awareness of the "Misuse of the DNS for authentication" issue
* Improve protocol and application design
* Help software vendors identify and remediate problems
* Help system administrators identify and remediate problems
* Provide data to spam/phishing/malware researchers

The star of the show is corp.com.  We have a licensing agreement with the owner of corp.com to collect the data for this purpose and make it available to researchers.  Corp.com receives ~30 queries per second, mostly from Microsoft Active Directory environments where the AD is named "corp" and the hostname ends in ".com", resulting in the machine eventually searching "stuff.corp.com".

My hope is folks will look into these unique datasets and make the Internet a better place.



Feel free to reach out to me with any questions or for further information!  Thanks!
