Ecole d'ingénieur et centre de recherche en Sciences du numérique

SpamTracer: How stealthy are spammers?

Vervier, Pierre-Antoine; Thonnard, Olivier

TMA 2013, 5th IEEE International Traffic Monitoring and Analysis Workshop, in conjunction with INFOCOM 2013, 19 April 2013, Turin, Italy

The Internet routing infrastructure is vulnerable to the injection of erroneous routing information resulting in BGP hijacking. Some spammers, also known as fly-by spammers, have been reported using this attack to steal blocks of IP addresses and use them for spamming. Using stolen IP addresses may allow spammers to elude spam filters based on sender IP address reputation and remain stealthy. This remains a open conjecture despite some anecdotal evidences published several years ago. In order to confirm the first observations and reproduce the experiments at large scale, a system called SpamTracer has been developed to monitor the routing behavior of spamming networks using BGP data and IP/AS traceroutes. We then propose a set of specifically tailored heuristics for detecting possible BGP hijacks. Through an extensive experimentation on a six months dataset, we did find a limited number of cases of spamming networks likely hijacked. In one case, the network owner confirmed the hijack. However, from the experiments performed so far, we can conclude that the fly-by spammers phenomenon does not seem to currently be a significant threat.  

Document Doi Bibtex

Titre:SpamTracer: How stealthy are spammers?
Type:Conférence
Langue:English
Ville:Turin
Pays:ITALIE
Date:
Département:Sécurité numérique
Eurecom ref:3919
Copyright: © 2013 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+3919, doi = {http://dx.doi.org/10.1109/INFCOMW.2013.6562916}, year = {2013}, title = {{S}pam{T}racer: {H}ow stealthy are spammers?}, author = {{V}ervier, {P}ierre-{A}ntoine and {T}honnard, {O}livier}, booktitle = {{TMA} 2013, 5th {IEEE} {I}nternational {T}raffic {M}onitoring and {A}nalysis {W}orkshop, in conjunction with {INFOCOM} 2013, 19 {A}pril 2013, {T}urin, {I}taly}, address = {{T}urin, {ITALIE}}, month = {02}, url = {http://www.eurecom.fr/publication/3919} }
Voir aussi: