|
« NANOG37 Home
Understanding the Network-Level Behavior of SpammersNick Feamster and Anirudh Ramachandran, Georgia Tech UniversityPresentation Date: June 6, 2006, 9:30 AM - 10:00 AM
Room: Exhibit Hall 3
Abstract:
We study the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent (in time) each spamming host is, botnet spamming characteristics, and techniques for harvesting email addresses. This presentation studies these questions by analyzing an 18-month trace of over 10 million spam messages collected at one Internet "spam sinkhole," and by correlating these messages with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet "command and control" traces.
We find that a small, yet non-negligible, amount of spam is received from IP addresses that correspond to short-lived BGP routes, typically for hijacked addresses. Most spam was received from a few regions of IP address space. Spammers appear to make use of transient "bots" that send only a few pieces of email over the course of a few minutes at most. These patterns suggest that developing algorithms to identify botnet membership, filtering email messages based on network-level properties (which are less variable than an email's contents), and improving the security of the Internet routing infrastructure may be prove extremely effective for combating spam.
Archived Files:
NANOG37 Abstracts- Anatomy of recent DNS reflector attacks from the victim and reflector point of view
Frank Scalzo, Verisign
- Authentication for TCP-based Routing and Management Protocols
Ron Bonica, Juniper
- BGP Techniques for Service Providers
Philip Smith, Cisco Systems
- BOF: BGP Tools
Dan Massey, Colorado State University; Nick Feamster, MIT; Lixiz Zhang, UCLA
- Deploying DNSSEC. Pulling yourself up by your bootstraps
Joao Damas, Internet Systems Consortium
- Effects of anycast on K-root Performance
Lorenzo Colitti, RIPE NCC
- BOF: Exchange Point Operators
Moderators: Joe Abley, Afilias Canada; Celeste Anderson, USC
- Fundamentals of Passive Monitoring Access
Joy Weber, Net Optics
- Information Collection on DDoS Attacks
Anna Claiborne, Prolexic Technologies
- Managing 100+ million IP addresses
Alain Durand, Comcast
- MPLS Traffic Engineering
Pete Templin, Texlink
- NANOG Community Meeting
Moderator: Randy Bush, IIJ
Panelists: Steve Feldman, CNET; Betty Burke, Merit Network; Rob Seastrom, ClueTrust
- Open issues with ipv6 routing/multihoming
Vince Fuller, Cisco Systems; Jason Schiller, UUNET/Verizon
- Operational experience with TCP and Anycast
Moderator: Matt Levine, Cache Networks
Panelists: Barrett Lyon, BitGravity, LLC; Todd Underwood, Renesys Corporation
- BOF: OPSEC WG
Moderator: Ross Callon, Juniper
Panelists: Merike Kaeo, Double Shot Security; Chris Morrow, Verizon Business
- Panel: Hot Time in the Big IDC: Power, cooling, and the data center
Moderator: Dan Golding, Tier1 Research
Panelists: Michael Laudon, Force10 Networks; Jay Park, Equinix; Rob Snevely, Sun Microsystems; Josh Snowhorn, Terremark Worldwide, Inc.; David Tsiang, Cisco Systems; Brad Turner, Juniper Networks; Brian Young, Switch and Data
- Panel: Network Neutrality - What Does It Mean To Operators?
Moderator: Bill Woodcock, Packet Clearing House
Panelists: Sean Donelan, Cisco Systems; Sean Doran, Cisco Systems; ; Gene Lew, Neustar; Brokaw Price, Yahoo
- BOF: Peering BOF XIII
Moderator: Bill Norton, Equinix
- Research Forum: A simple coordination mechanism for interdomain routing
Ratul Mahajan, Microsoft Research; Thomas Anderson and David Wetherall, University of Washington
- Research Forum: Active Measurement of the AS Path Prepending Method
Samantha Lo and Rocky K. C. Chang, Hong Kong Polytechnic University
- Research Forum: Pretty Good BGP and the Internet Alert Registry
Josh Karlin, University of New Mexico
- San Jose Newcomers' Reception
Moderator: Steve Feldman, CNET
Panelists: Bill Norton, Equinix; Betty Burke, Merit Network Inc.
- BOF: Security
Moderators: Danny McPherson, Arbor Networks; Roland Dobbins, Cisco Systems
- Smart Network Data Services
Eliot Gillum, Microsoft
- Understanding the Network-Level Behavior of Spammers
Nick Feamster and Anirudh Ramachandran, Georgia Tech University
- US ENUM Trial
Karen Mulberry, Neustar
- Show All
Back to the NANOG37 main page.
|
