On the Mismanagement and Maliciousness of Networks

In this paper, we systematically explore the widely held, anecdotal belief that mismanaged networks are responsible for a wide range of security incidents. Utilizing Internet-scale measurements of DNS resolvers, BGP routers, and SMTP, HTTP, and DNS-name servers, we find there are thousands of networks where a large fraction of network services are misconfigured. Combining global feeds of malicious activities including spam, phishing, malware, and scanning, we find a statistically significant correlation between networks that are mismanaged and networks that are responsible for maliciousness.
