funsec mailing list archives
GA Tech Researchers Believe Spam Should be Fought at Network Level
From: "Fergie" <fergdawg () netzero net>
Date: Thu, 14 Sep 2006 04:07:37 GMT
Interesting. Via SC Magazine Online. [snip] A pair of Georgia Tech researchers suggested this week that internet service providers (ISPs) might be able to fight junk email more efficiently at the network level rather than using message content filters. "Content filters are fighting a losing battle because it's easier for spammers to simply change their content than for us to build spam filters.," said Nick Feamster, a Georgia Tech assistant professor of computing. "We need another set of properties, not based on content. So what about network-level properties? It's harder for spammers to change network-level properties." Feamster and his Ph.D. student Anirudh Ramachandran spent 18 months studying [.pdf] Internet routing and spam data in order to understand what the best network-level properties could be used to develop a spam filter design. During this time they collected a database of more than 10 million spam e-mails to learn how these messages are being routed. Feamster said that they were able to establish some key findings from the data. First among these is the fact that internet routes are frequently being hijacked by spammers. Feamster and Ramachandran said they were able to identify many narrow ranges within internet protocol (IP) address spaces that are generating only spam, as well as the ISPs from which the spam is coming. "We know route hijacking is occurring," Feamster said. "It's being done by a small, but fairly persistent and sophisticated group of spammers, who cannot be traced using conventional methods." [snip] More: http://www.scmagazine.com/uk/news/article/592533 Also: Understanding the Network-Level Behavior of Spammers A. Ramachandran and N. Feamster Proc. ACM SIGCOMM, Pisa, Italy, September 2006. To appear. [.pdf] http://www-static.cc.gatech.edu/~feamster/publications/p396-ramachandran.pdf An earlier version appeared as Georgia Tech Technical Report GT-CSS-2006-001. - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- GA Tech Researchers Believe Spam Should be Fought at Network Level Fergie (Sep 13)