funsec mailing list archives

Previous By Date Next
Previous By Thread Next

GA Tech Researchers Believe Spam Should be Fought at Network Level

From: "Fergie" <fergdawg () netzero net>
Date: Thu, 14 Sep 2006 04:07:37 GMT
Interesting.

Via SC Magazine Online.

[snip]

A pair of Georgia Tech researchers suggested this week that internet
service providers (ISPs) might be able to fight junk email more
efficiently at the network level rather than using message content filters.

"Content filters are fighting a losing battle because it's easier for
spammers to simply change their content than for us to build spam
filters.," said Nick Feamster, a Georgia Tech assistant professor of
computing. "We need another set of properties, not based on content. So
what about network-level properties? It's harder for spammers to change
network-level properties."

Feamster and his Ph.D. student Anirudh Ramachandran spent 18 months
studying [.pdf] Internet routing and spam data in order to understand
what the best network-level properties could be used to develop a spam
filter design. During this time they collected a database of more than
10 million spam e-mails to learn how these messages are being routed.

Feamster said that they were able to establish some key findings from
the data. First among these is the fact that internet routes are
frequently being hijacked by spammers. Feamster and Ramachandran said
they were able to identify many narrow ranges within internet protocol
(IP) address spaces that are generating only spam, as well as the ISPs
from which the spam is coming.

"We know route hijacking is occurring," Feamster said. "It's being done
by a small, but fairly persistent and sophisticated group of spammers,
who cannot be traced using conventional methods."

[snip]

More:
http://www.scmagazine.com/uk/news/article/592533

Also:
Understanding the Network-Level Behavior of Spammers
A. Ramachandran and N. Feamster
Proc. ACM SIGCOMM,
Pisa, Italy, September 2006. To appear. [.pdf]
http://www-static.cc.gatech.edu/~feamster/publications/p396-ramachandran.pdf
An earlier version appeared as Georgia Tech Technical Report
GT-CSS-2006-001.

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: