At the end of 2013, the association Abuse Information Exchange set up 'the AbuseHUB'. This system centrally processes information about botnet infections in the Netherlands, with the aim of detecting infected computers faster and helping internet users better and faster when their computer is infected with a virus.
1. AbuseHUB: a Success Story
Gert Wabeke
Holland Strikes Back event, October 28, 2014
www.abuseinformationexchange.nl
2. Association with major assets
§ Community of AbuseDesk experts sharing knowledge on how to detect, inform and support customers more efficiently
§ System (AbuseHUB) that collects, correlates, and distributes abuse notifications to Abuse Desks
Powerful and concrete mechanisms to enhance internet safety and increase the overall abuse handling maturity level
3. Scope
[Figure labelled "Out of scope". Source: http://pineut.wordpress.com/2013/04/13/botnet-aanval-op-wordpress-com/]
AbuseHUB: collect, correlate, distribute post-infection information to Abuse Desks
Members use the information to inform and assist their customers to mitigate infection
4. [Diagram. Labels: Removal (decentralized); Information sharing (centralized); AD; RN; AbuseHUB; Sources; AbuseHUB Manager; AbuseHUB Hosting provider; Hosting Center; Legal entity; Abuse Desk process; Customer support]
5. Statistics
4,7 million Abuse Reports received and processed in September.
100 Abuse Types identified
Reports sorted, correlated and distributed to our members' Abuse Desks, covering in total 35 ASN
7. Extending # Notifiers!
§ Notifiers who are able and wishing to share information
Our proposition: we sort the information and distribute it to the ASN owner based on IP address. The ASN owner will take action and remove the (botnet) infection on its network. An industry collaboration with over 90% market coverage, together contributing to enhanced internet safety.
§ Requirements
§ Well-defined detection process
§ Machine-readable reports (IODEF, X-ARF, CSV/TSV with header)
§ Must contain source IP and date timestamp (ntp-synced).
§ Using its own detection resources (no ‘recycling’ of other sources).
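The intake checks and per-ASN sorting described on this slide, as an added example that is not part of the original presentation or the AbuseHUB's own code. The column names `source_ip` and `timestamp`, the ISO 8601 timestamp format, the five-minute skew limit and the prefix table are assumptions; the future-timestamp check is only a proxy, since NTP sync cannot be proven from a report.

```python
import csv, io, ipaddress
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed member table: documentation prefixes and ASNs, not real members.
PREFIXES = {
    ipaddress.ip_network("192.0.2.0/24"): 64496,
    ipaddress.ip_network("198.51.100.0/24"): 64497,
}

def asn_for(ip):
    """Longest-prefix match of an address against the member table."""
    hits = [n for n in PREFIXES if n.version == ip.version and ip in n]
    return PREFIXES[max(hits, key=lambda n: n.prefixlen)] if hits else None

def route_report(text, now, max_skew=timedelta(minutes=5)):
    """Return ({asn: [rows]}, [(line_no, reason)]) for one CSV/TSV report."""
    first = text.split("\n", 1)[0]
    reader = csv.DictReader(io.StringIO(text), delimiter="\t" if "\t" in first else ",")
    # Assumed column names; the slide only requires source IP and timestamp.
    missing = {"source_ip", "timestamp"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"header lacks required columns: {sorted(missing)}")
    routed, rejected = defaultdict(list), []
    for row in reader:
        try:
            ip = ipaddress.ip_address((row["source_ip"] or "").strip())
            ts = datetime.fromisoformat((row["timestamp"] or "").strip())
        except ValueError as exc:
            rejected.append((reader.line_num, str(exc)))
            continue
        if ts.tzinfo is None:
            rejected.append((reader.line_num, "timestamp has no UTC offset"))
        elif ts > now + max_skew:
            rejected.append((reader.line_num, "timestamp in the future"))
        elif (asn := asn_for(ip)) is None:
            rejected.append((reader.line_num, "no member ASN for this address"))
        else:
            routed[asn].append(row)
    return dict(routed), rejected

# Constructed sample report (CSV with header).
SAMPLE = """source_ip,timestamp,abuse_type
192.0.2.10,2014-09-30T12:00:00+00:00,botnet
203.0.113.5,2014-09-30T12:02:00+00:00,botnet
192.0.2.11,2014-09-30 12:03:00,botnet
not-an-ip,2014-09-30T14:30:00+00:00,botnet
"""
NOW = datetime(2014, 9, 30, 13, 0, tzinfo=timezone.utc)
```

Calling `route_report(SAMPLE, NOW)` returns the rows grouped per member ASN plus a list of rejected lines with the reason for each.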
8. Members
90% of fixed internet access in the Netherlands | 70% of the Dutch domain name market
With startup funding from:
9. Extending # Members
§ Open to everyone who wants to enhance internet safety
Our unique proposition: we enhance the maturity level of your abuse handling processes through (1) a one-stop-shop with high-value information on botnet infections and (2) a community that will enable your staff to further develop their skills together with their peers.
§ Requirements
§ Own Autonomous System (IP address space)
§ Demonstrable abuse policy
§ Members also act as a Reliable Notifier
§ Annual contribution (keep system afloat)
10. Q&A
Vereniging Abuse Information Exchange
Overgoo 13
Postbus 262
2260 AG Leidschendam
The Netherlands
www.abuseinformationexchange.nl
info@abuseinformationexchange.nl