Characterization of Blacklists and Tainted Network Traffic
Threats to the security and availability of the network have contributed to the use of Real-time Black hole Lists (RBLs) as an attractive method for implementing dynamic filtering and blocking. While RBLs have received considerable study, little is known about the impact of these lists in practice. A variety of threats, ranging from misconfiguration and mismanagement to botnets, worms, SPAM, and denial of service attacks, threaten the security and availability of today's Internet. In this paper, the authors use nine different RBLs from three different categories to perform the evaluation of RBL tainted traffic at a large regional Internet Service Provider.