How to Monetize IP Reputation
1. WWW.NSFOCUS.COM
HOW TO MONETIZE IP REPUTATION
Guy Rosefelt
Dir, Product Management
2. WHAT IS IP REPUTATION
- Botnet
- DDoS
- Scanner
• Automated tools
- Exploits
• Automated tools
- Malware
- Web Attacker
• Human hacking
- Spam Source
- Phishing
- Proxy
- Ransomware
- Score of the malicious behavior of an IP address on the internet
- Tracked at the IP and ASN levels
- Based on how malicious and how often the activity is
3. IP REPUTATION
• IP addresses can be in more than one reputation category, such as being both Phishing and Spam Source.
• Categorization of IP addresses can change over time based on behavior.
• For example, as additional data is collected an IP address could move from DDoS (a more general category) to Botnets (a more specific behavior category).
4. HOW GOOD IS YOUR IP REPUTATION?
Country/Region Num IPs Matched IPs Percent Matched
Vietnam 13,522,176 2,003,658 14.8176%
Iraq 565,504 73,910 13.0698%
Mauritania 41,216 4,362 10.5833%
Pakistan 5,297,152 520,575 9.8275%
Macedonia 681,984 52,091 7.6382%
India 34,168,404 2,493,711 7.2983%
Benin 70,912 4,819 6.7957%
Guinea 16,640 1,119 6.7248%
Marshall Islands 4,608 269 5.8377%
Iran 13,313,901 749,359 5.6284%
Burkina Faso 38,912 2,070 5.3197%
Nepal 507,648 26,806 5.2804%
Lebanon 547,840 28,613 5.2229%
Cape Verde 28,672 1,304 4.5480%
Mali 72,192 3,229 4.4728%
7. Country/Region ASN Num IPs Matched IPs Percent Matched DDoS %DDoS
United States AS31788 256 1 0.3906 1 100.00
United States AS394573 256 1 0.3906 1 100.00
United States AS22014 256 1 0.3906 1 100.00
United States AS19642 256 1 0.3906 1 100.00
United States AS46982 256 1 0.3906 1 100.00
United States AS33592 256 1 0.3906 1 100.00
United States AS62791 256 1 0.3906 1 100.00
United States AS393685 256 1 0.3906 1 100.00
United States AS395406 256 1 0.3906 1 100.00
United States AS22350 256 1 0.3906 1 100.00
United States AS53859 256 1 0.3906 1 100.00
United States AS35944 256 1 0.3906 1 100.00
United States AS23375 256 1 0.3906 1 100.00
United States AS33199 256 1 0.3906 1 100.00
United States AS22553 256 1 0.3906 1 100.00
United States AS53357 256 1 0.3906 1 100.00
Vietnam AS24174 256 1 0.3906 1 100.00
Vietnam AS131125 256 1 0.3906 1 100.00
Indonesia AS38060 128 1 0.7813 1 100.00
Russia AS12478 16 1 6.2500 1 100.00
BOTTOM 20 GLOBAL ASNS BY DDOS 100% MATCH
There are 7461 ASNs with 100% DDoS match
9. IP REPUTATION SPOTLIGHT: SÃO TOMÉ AND PRÍNCIPE
- São Tomé and Príncipe is the smallest nation in Africa.
• A series of islands located in the Gulf of Guinea off the west coast of Central Africa
- Economy is predominantly based on agriculture of cocoa.
- São Tomé and Príncipe has a good landline and cellular infrastructure with 70% of the population having access to mobile phones.
• 25.6% of the population have access to the internet
10. IP REPUTATION SPOTLIGHT: SÃO TOMÉ AND PRÍNCIPE
- São Tomé and Príncipe has two ASNs with a total of 8,704 IP addresses. ASN AS328191 has the bulk of IP addresses (8,192) and ASN AS327725 just 512 IP addresses.
- In August, the NSFOCUS IP Reputation databases show 1,043 IPs with reputation for an 11.98% match. That puts it at #7 in the Top 10 Percentage Reputation Match.
- Almost all the reputation IPs are categorized as Botnets.
São Tomé and Príncipe August Reputation Data
ASN  Assigned IPs  Matched IPs  Percent Matched  Botnets  DDoS  Other  Spam Sources  Exploits  Scanners  Malware
AS328191  8192  1039  12.6831  1005  2  0  2  3  16  0
AS327725  512  4  0.7813  2  2  0  0  0  0  0
11. IP REPUTATION SPOTLIGHT: SÃO TOMÉ AND PRÍNCIPE
- In July only three IPs belonging to the smaller ASN AS327725 had reputation: 1 Botnet and 2 DDoS.
- The data was the same in April.
São Tomé and Príncipe July Reputation Data
ASN  Assigned IPs  Matched IPs  Percent Matched  Botnets  DDoS  Other  Spam Sources  Exploits  Scanners  Malware
AS327725  512  3  0.5859  1  2  0  0  0  0  0
São Tomé and Príncipe April Reputation Data
ASN  Assigned IPs  Matched IPs  Percent Matched  Botnets  DDoS  Other  Spam Sources  Exploits  Scanners  Malware
AS327725  512  3  0.5859  1  2  0  0  0  0  0
12. IP REPUTATION SPOTLIGHT: SÃO TOMÉ AND PRÍNCIPE
- We can assume a massive malware infestation occurred in August based on several assumptions:
• ASN AS328191 belongs to Companhia Santomense de Telecomunicacoes, a mobile provider (https://www.cst.st/)
• Companhia Santomense de Telecomunicacoes sells Samsung and Alcatel phones using Android OS
• During August, over 300 apps in the Google Play Store were found to be infected with WireX malware
- Investigation shows that Companhia Santomense de Telecomunicacoes is the predominant mobile carrier so it is likely that many Android based phones were infected with WireX this month
13. IP REPUTATION SPOTLIGHT: SÃO TOMÉ AND PRÍNCIPE
- Further investigation shows that ASN AS327725 belongs to UNITEL STP SARL (http://unitel.st).
- Although also a mobile provider, many of the IPs in the ASN are Windows computers and not susceptible to WireX.
• It is possible then that this ASN is primarily residential and commercial internet users.
14. POSSIBLE ROOT CAUSE OF REPUTATION DISTRIBUTION
• Malware infections are likely primary cause of all reputation activity
• Smaller ASNs (Class C) may see related infections across contiguous IP addresses
• Within an enterprise
• Within apartment complex or neighborhoods
• Distribution of mobile devices within an ASN
• Do some ASNs see more iPhone, Android, or Windows 10 devices?
15. WHERE DOES THE MONEY COME IN?
- Provide an IP Reputation Monitoring Service
• Tracks internet IP reputation for customer
• Single IPs, Subnets, ASNs
- Provide real-time monitoring of IP activity
• Automatic email notification of malicious activity
- Provide monthly reports
• Customer reputation activity
• Comparison with ASN
• Comparison in country
17. REALTIME NOTIFICATION
Dear Customer,
You are monitoring the following assets: ASN xxx ASN yyy
The following changes occurred to your asset's reputation within the last 24 hours.
The number of assets that were removed from the blacklist: 2
IPs: 1.1.1.1, 1.1.1.2
URLs:
Domains:
The number of assets that were added to the blacklist: 3
IPs: 1.2.1.10, 1.2.1.11, 1.2.2.10
URLs:
Domains:
The number of vulnerabilities and files associated with assets added to the blacklist:
IP  Number Vuln  Number Files
1.2.1.10  3  0
1.2.1.11  1  0
1.2.2.10  13  5
For more information, please log into your NTI portal account.
Thank you,
NTI Team
18. Case Study: How Good is Your IP Reputation?
Carrier A 2-Aug 5-Aug 10-Aug 12-Aug
Total Number of IPs 170,143,836 170,143,836 170,143,836 170,143,836
Total Matched 24,841 25,389 25,574 25,795
Percentage Matched 0.0146% 0.0149% 0.0150% 0.0152%
Number added 0 661 217 273
Number deleted 0 113 32 52
IP Type
Botnets Count 11872
DDoS Count 60
Exploits Count 9
Proxy Count 1
Scanners Count 30
Spam Sources Count 12863
Web Attacks Count 6
Grand Count 24841
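The "Number added" and "Number deleted" rows above, and the daily notification on the previous slide, both come from diffing two reputation snapshots over a customer's address space. The sketch below is an added example, not NSFOCUS code: the function name, the snapshot format ({ip: set of categories}) and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def reputation_delta(monitored, previous, current):
    """Diff two reputation snapshots ({ip: set(categories)}) over monitored prefixes."""
    # Collapse prefixes so overlapping entries are not counted twice (IPv4 only here).
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in monitored))
    total = sum(n.num_addresses for n in nets)

    def in_scope(snapshot):
        return {ip: set(cats) for ip, cats in snapshot.items()
                if any(ipaddress.ip_address(ip) in n for n in nets)}

    prev, cur = in_scope(previous), in_scope(current)
    order = ipaddress.ip_address
    return {
        "total_ips": total,
        "previous_matched": len(prev),
        "matched": len(cur),
        "percent_matched": 100 * len(cur) / total,
        "added": sorted(cur.keys() - prev.keys(), key=order),
        "removed": sorted(prev.keys() - cur.keys(), key=order),
        # Still listed, but the category set changed (e.g. DDoS -> Botnet).
        "recategorized": sorted(
            (ip for ip in cur.keys() & prev.keys() if cur[ip] != prev[ip]),
            key=order),
        # An IP listed in two categories is counted once per category.
        "by_category": dict(Counter(c for cats in cur.values() for c in cats)),
    }

# Constructed sample data (documentation address ranges, not real listings).
MONITORED = ["192.0.2.0/24", "198.51.100.0/25"]
YESTERDAY = {
    "192.0.2.10": {"DDoS"},
    "192.0.2.11": {"Spam Source"},
    "198.51.100.5": {"Scanner"},
    "203.0.113.9": {"Botnet"},            # outside monitored space, ignored
}
TODAY = {
    "192.0.2.10": {"Botnet"},             # moved from DDoS to Botnet
    "198.51.100.5": {"Scanner"},
    "198.51.100.7": {"Phishing", "Spam Source"},
    "198.51.100.200": {"Malware"},        # outside the /25, ignored
}

if __name__ == "__main__":
    for key, value in reputation_delta(MONITORED, YESTERDAY, TODAY).items():
        print(f"{key}: {value}")
```

The same bookkeeping holds in the Carrier A table: each day's "Total Matched" equals the previous total plus "Number added" minus "Number deleted".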
20. Case Study: How Good is Your IP Reputation?
Carrier A Test 1 Test 2 Test 3 Test 4
Total Number of IPs
Total Matched 24,841 25,389 0 0
Percentage Matched 0.0146% 0.0149% 0.0000% 0.0000%
Number added 0 661 0 0
Number deleted 0 113 0 0
Carrier B Test 1 Test 2 Test 3 Test 4
Total Number of IPs
Total Matched 2357 2357 2357 2357
Percentage Matched 0.00600% 0.00600% 0.00600% 0.00600%
Number added 0 0 0 0
Number deleted 0 0 0 0
Carrier C Test 1 Test 2 Test 3 Test 4
Total Number of IPs
Total Matched 4963 4963 4963 4963
Percentage Matched 0.00520% 0.00520% 0.00520% 0.00520%
Number added 0 0 0 0
Number deleted 0 0 0 0
IP Type
Botnets Count 11872
DDoS Count 60
Exploits Count 9
Proxy Count 1
Scanners Count 30
Spam Sources Count 12863
Web Attacks Count 6
Grand Count 24841
21. Case Study: How Good is Your IP Reputation?
Malaysian T-1 Provider 20-Sep
Total Number of IPs 10,251,008
Total Matched 36,795
Percentage Matched 0.3589%
Number added 0
Number deleted 0
IP Type
Botnets 14606
DDoS 764
Exploits 167
Proxy 59
Scanners 500
Spam Sources 20689
Malware 9
Phishing 1
Grand Count 36795