Blog: New ICANN Project Explores the Drivers of Malicious Domain Name Registrations (April 2023)
Blog: ICANN and Contracted Parties Negotiate About Improved DNS Abuse Requirements (January 2023)
Guest blog (APNIC): DNS abuse trends (14 June 2022)
Blog: Keep Up to Date With ICANN's DNS Security Threat Mitigation Program (9 June 2022)
Blog: ICANN Publishes DNS Abuse Trends (22 March 2022)
Announcement: The Recording is Now Available for the ICANN Informational Session on DNS Abuse (8 November 2021)
Announcement: Informational Session on DNS Abuse: Panel Discussion with the ICANN Board (18 October 2021)
Blog: Update on ICANN's DNS Security Threat Mitigation Program (19 July 2021)
Announcement: Webinar: ICANN DNS Security Threat Mitigation Program Update and Community Discussion (1 July 2021)
Announcement: Adding Linguistic Diversity to the Domain Name Security Threat Information Collection and Reporting Project (14 June 2021)
Blog: ICANN Org's Multifaceted Response to DNS Abuse (20 April 2020)
Meetings and Sessions
22 October 2021
Informational Session on DNS Abuse: Panel Discussion with the ICANN Board
Video Recording
Audio Recording – Session 1: Arabic | Chinese | French | Russian | Spanish
Audio Recording – Session 2: Arabic | Chinese | French | Russian | Spanish
Presentation: PDF
22 July 2021
DNS Security Threat Mitigation Program Update and Community Discussion
Video Recording
Audio Recording: Arabic | Chinese | French | Portuguese | Russian | Spanish
Presentation: PDF
Domain Abuse Activity Reporting
ICANN's Domain Abuse Activity Reporting (DAAR) system monitors domain abuse and registration activity across top-level domains (TLDs). DAAR continuously collects registration and security threat data from numerous reputation data feeds. Using the data, ICANN analysts identify and report the use of domain names for activities such as phishing, malware distribution, botnet activity, and spam as a delivery mechanism. The DAAR data can be used to monitor DNS security threat levels and concentrations across participating TLDs. For more information, as well as DAAR monthly reports, visit the Domain Abuse Activity Reporting webpage. ICANN's Identifier Technology Health Indicators (ITHI), or ITHI Metrics, also provide metrics related to DNS Security Threats for the community. For more information, visit the ITHI webpage.
Domain Name Security Threat Information Collection and Reporting (DNSTICR)
The DNSTICR project produces reports on recent domain registrations that we believe to be using the COVID-19 pandemic for phishing or malware campaigns. These reports contain the evidence that leads ICANN org to believe the domains are being used maliciously, along with other background information to help the responsible registrars to determine the correct course of action. More information about DNSTICR can be found here.
Capacity Development and Training
Capacity development and training includes the DNS ecosystem security offerings on ICANN Learn, as well as virtual and in-person training delivered by OCTO Technical Engagement, Global Stakeholder Engagement, and with community partners.
Resources for Registries and Registrars
Framework for Registry Operators to Respond to Security Threats
Advisory re: Technical Analysis and Statistical Reporting of Security Threats (Specification 11 3b of the Base gTLD Registry Agreement)
gTLD Registries Stakeholder's Group (RySG) resources for registries
Framework on Domain Generating Algorithms (DGAs) Associated with Malware and Botnets jointly drafted by the Governmental Advisory Committee Public Safety Working Group (PSWG) and the Registries Stakeholder Group (RySG)
Combating DNS Abuse: Registry Operator Available Actions
ICANN Monitoring System API (MoSAPI) user guide - In addition to service level agreement (SLA) performance information, registries can access daily feeds from ICANN's DAAR system via the MoSAPI.
Resources for End Users
Contracted Party House Publication: Guide to Abuse Reporting Practices
Contracted Party House Publication: Minimum Required Information for WHOIS Data Requests
After a reporter has submitted an abuse complaint to the registrar of record regarding abuse of a domain name in a gTLD, and after a reasonable time, if the reporter believes the registrar did not fulfill its obligations according to the Registrar Accreditation Agreement (see section 3.18), then the reporter may file a complaint with ICANN Contractual Compliance: Abuse involving a domain name. For more information on abuse complaint handling, visit ICANN Contractual Compliance Handling Report webpage.
Contractual Compliance Audit Program
The audit program is an integral part of the ICANN Contractual Compliance function. The goal is to ensure that contracted parties, registrars and registries, comply with their agreements and the consensus policies. It is the opportunity and means by which ICANN enhances community transparency through fact based and measurable reporting while proactively addressing any potential deficiencies. For more information, visit the Contractual Compliance Audit Program webpage.
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."
444
443
442
26
441
2023年8月17 15:13
更新刪除
跳至主要內容
登錄
報名

資源
DNS 安全威脅緩解計劃
如何解決域名的惡意使用(廣義上稱為域名系統 ( DNS ) 濫用)是一個備受關注和討論的話題。ICANN社群尚未就“ DNS濫用”達成共識定義。目前,根據ICANN章程規定的ICANN職責,ICANN組織的工作主要集中於支持緩解DNS安全威脅。
DNS安全威脅包括五大類有害活動:
殭屍網絡
惡意軟件
網域嫁接
網絡釣魚
垃圾郵件(因為它用於傳播其他DNS安全威脅)。
ICANN組織的DNS 安全威脅緩解計劃(以下簡稱計劃)致力於通過減少互聯網上DNS安全威脅的普遍性,使互聯網成為最終用戶更安全的地方。
ICANN組織範圍內的計劃建立在以下三個支柱之上:
被公認為值得信賴的信息來源:提供研究、數據和專業知識,幫助社區就該主題進行基於事實的討論。
向社區提供工具:幫助支持緩解DNS安全威脅。
執行合同條款:通過審核和投訴,執行註冊管理機構協議、註冊服務商委任協議和ICANN 共識性政策。
該計劃為ICANN組織提供了一個協作平台,該平台提供了該組織各種DNS安全威脅相關舉措和項目的可見性和清晰度,並允許制定和執行集中策略。該頁面將充當ICANN開展的與緩解DNS安全威脅相關的各種項目、計劃和活動的中心。
如果您有疑問,請將其發送至DNSsecuritythreats@icann.org。
新聞和活動
Blog: New ICANN Project Explores the Drivers of Malicious Domain Name Registrations (April 2023)
Blog: ICANN and Contracted Parties Negotiate About Improved DNS Abuse Requirements (January 2023)
Guest blog (APNIC): DNS abuse trends (14 June 2022)
Blog: Keep Up to Date With ICANN's DNS Security Threat Mitigation Program (9 June 2022)
Blog: ICANN Publishes DNS Abuse Trends (22 March 2022)
Announcement: The Recording is Now Available for the ICANN Informational Session on DNS Abuse (8 November 2021)
Announcement: Informational Session on DNS Abuse: Panel Discussion with the ICANN Board (18 October 2021)
Blog: Update on ICANN's DNS Security Threat Mitigation Program (19 July 2021)
Announcement: Webinar: ICANN DNS Security Threat Mitigation Program Update and Community Discussion (1 July 2021)
Announcement: Adding Linguistic Diversity to the Domain Name Security Threat Information Collection and Reporting Project (14 June 2021)
Blog: ICANN Org's Multifaceted Response to DNS Abuse (20 April 2020)
Meetings and Sessions
22 October 2021
Informational Session on DNS Abuse: Panel Discussion with the ICANN Board
Video Recording
Audio Recording – Session 1: Arabic | Chinese | French | Russian | Spanish
Audio Recording – Session 2: Arabic | Chinese | French | Russian | Spanish
Presentation: PDF
22 July 2021
DNS Security Threat Mitigation Program Update and Community Discussion
Video Recording
Audio Recording: Arabic | Chinese | French | Portuguese | Russian | Spanish
Presentation: PDF
Domain Abuse Activity Reporting
ICANN's Domain Abuse Activity Reporting (DAAR) system monitors domain abuse and registration activity across top-level domains (TLDs). DAAR continuously collects registration and security threat data from numerous reputation data feeds. Using the data, ICANN analysts identify and report the use of domain names for activities such as phishing, malware distribution, botnet activity, and spam as a delivery mechanism. The DAAR data can be used to monitor DNS security threat levels and concentrations across participating TLDs. For more information, as well as DAAR monthly reports, visit the Domain Abuse Activity Reporting webpage. ICANN's Identifier Technology Health Indicators (ITHI), or ITHI Metrics, also provide metrics related to DNS Security Threats for the community. For more information, visit the ITHI webpage.
Domain Name Security Threat Information Collection and Reporting (DNSTICR)
The DNSTICR project produces reports on recent domain registrations that we believe to be using the COVID-19 pandemic for phishing or malware campaigns. These reports contain the evidence that leads ICANN org to believe the domains are being used maliciously, along with other background information to help the responsible registrars to determine the correct course of action. More information about DNSTICR can be found here.
Capacity Development and Training
Capacity development and training includes the DNS ecosystem security offerings on ICANN Learn, as well as virtual and in-person training delivered by OCTO Technical Engagement, Global Stakeholder Engagement, and with community partners.
Resources for Registries and Registrars
Framework for Registry Operators to Respond to Security Threats
Advisory re: Technical Analysis and Statistical Reporting of Security Threats (Specification 11 3b of the Base gTLD Registry Agreement)
Security Response Waiver (SRW) for Registrars
Security Response Waiver (SRW) for Registry Operators (formerly Expedited Registry Security Request)
gTLD Registries Stakeholder's Group (RySG) resources for registries
Framework on Domain Generating Algorithms (DGAs) Associated with Malware and Botnets jointly drafted by the Governmental Advisory Committee Public Safety Working Group (PSWG) and the Registries Stakeholder Group (RySG)
Combating DNS Abuse: Registry Operator Available Actions
ICANN Monitoring System API (MoSAPI) user guide - In addition to service level agreement (SLA) performance information, registries can access daily feeds from ICANN's DAAR system via the MoSAPI.
Resources for End Users
Contracted Party House Publication: Guide to Abuse Reporting Practices
Contracted Party House Publication: Minimum Required Information for WHOIS Data Requests
After a reporter has submitted an abuse complaint to the registrar of record regarding abuse of a domain name in a gTLD, and after a reasonable time, if the reporter believes the registrar did not fulfill its obligations according to the Registrar Accreditation Agreement (see section 3.18), then the reporter may file a complaint with ICANN Contractual Compliance: Abuse involving a domain name. For more information on abuse complaint handling, visit ICANN Contractual Compliance Handling Report webpage.
Contractual Compliance Audit Program
The audit program is an integral part of the ICANN Contractual Compliance function. The goal is to ensure that contracted parties, registrars and registries, comply with their agreements and the consensus policies. It is the opportunity and means by which ICANN enhances community transparency through fact based and measurable reporting while proactively addressing any potential deficiencies. For more information, visit the Contractual Compliance Audit Program webpage.
YouTube
Twitter
LinkedIn
Flickr
Facebook
Newsletters
Community Wiki
ICANN Blog
WHO WE ARE
CONTACT US
ACCOUNTABILITY AND TRANSPARENCY
GOVERNANCE
HELP
DATA PROTECTION
© Internet Corporation for Assigned Names and Numbers.Privacy PolicyTerms of ServiceCookies Policy
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."