Title :
SpamTracer: How stealthy are spammers?
Author :
Vervier, Pierre-Antoine ; Thonnard, Olivier
Author_Institution :
Eurecom, Sophia Antipolis, France
Abstract :
The Internet routing infrastructure is vulnerable to the injection of erroneous routing information resulting in BGP hijacking. Some spammers, also known as fly-by spammers, have been reported using this attack to steal blocks of IP addresses and use them for spamming. Using stolen IP addresses may allow spammers to elude spam filters based on sender IP address reputation and remain stealthy. This remains a open conjecture despite some anecdotal evidences published several years ago. In order to confirm the first observations and reproduce the experiments at large scale, a system called SpamTracer has been developed to monitor the routing behavior of spamming networks using BGP data and IP/AS traceroutes. We then propose a set of specifically tailored heuristics for detecting possible BGP hijacks. Through an extensive experimentation on a six months dataset, we did find a limited number of cases of spamming networks likely hijacked. In one case, the network owner confirmed the hijack. However, from the experiments performed so far, we can conclude that the fly-by spammers phenomenon does not seem to currently be a significant threat.
Keywords :
IP networks; Internet; computer network security; e-mail filters; telecommunication network routing; unsolicited e-mail; BGP data; BGP hijacking; BGP hijacks; IP addresses; IP-AS traceroutes; Internet routing infrastructure; SpamTracer; erroneous routing information; sender IP address reputation; spam filters; spamming network routing behavior; Conferences; Feeds; IP networks; Internet; Monitoring; Routing; Unsolicited electronic mail;
Conference_Titel :
Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on
Conference_Location :
Turin
Print_ISBN :
978-1-4799-0055-8
DOI :
10.1109/INFCOMW.2013.6562916
