Investigation of triangular spamming: A stealthy and efficient spamming technique

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2010, Pages 207-222

  Qian, Zhiyun ^a   Mao, Z Morley ^a   Xie, Yinglian ^b   Yu, Fang ^b  

^a UNIVERSITY OF MICHIGAN   (United States)

^b MICROSOFT RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AS CONTENT; HIGH BANDWIDTH; IP PACKETS; NETWORK BEHAVIORS; NETWORK OPERATOR; PLANETLAB; PREVENTION METHODS; PROBING TECHNIQUES; SIGNIFICANT IMPACTS; SPAM SOURCES; SPAMMERS; TRAFFIC BLOCKING; WIDE AREA;

CELLULAR RADIO SYSTEMS; INTERNET; INTERNET PROTOCOLS;

SPAMMING;

EID: 77955187093     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2010.42     Document Type: Conference Paper

References (43)

1. Adobe flash player. http://www.adobe.com/products/flashplayer/.
2. The apache spamassassin project. http://spamassassin. apache.org/.
3. Chater cable, internet, telephone, www.charter.net/.
4. Cisco pix 515e firewall quick start guide, version 6.3. http://www.ciscosystems.org.ro/en/US/docs/security/pix/pi x63/quick/guide/63- 515qk.html.
5. Comcast takes hard line against spam. http://news.zdnet.com/2100-3513-22- 136518.html.
6. Hacking the interwebs. http://www.gnucitizen.org/blog/hacking- the- interwebs/.
7. The icsi netalyzr beta, http://netalyzr.icsi.berkeley.edu/.
8. Microsoft: 3% of e-mail is stuff we want; the rest is spam. http://arstechnica.com/security/news/2009/04/microsoft-97-percent-of-all-e-mail- is-spam.ars.
9. Nanog survey - isp port blocking practice. http://seclists.org/nanog/ 2009/Oct/727.
10. netfilter/iptables project homepage, http://www.netfilter.org/.
11. The new pOf 2.0.8 (2006-09-06). http://lcamtuf.coredump. cx/p0f.shtml.
12. Planetlab acceptable use policy (aup). http://www.planet-lab. org/aup.
13. Port 25 blocking. http://www.postcastserver.com/help/Port-25-Blocking. aspx.
14. Port 25 (sonic.net). http://sonic.net/ support/faq/advanced/port-25. shtml.
15. Rfc2920, smtp service extension for command pipelining. http://tools.ietf.org/html/rfc2920.
16. Sbc email problem. www.sfsu.edu/∼helpdesk/sbc/index. htm/.
17. Sorbs. http://www.au.sorbs.net/.
18. Spamcop. http://www.spamcop.net/.
19. Spamhaus. http://www.spamhaus.org/.
20. Tcp/ip fingerprinting methods supported by nmap. http://nmap.org/Eook/ osdetect-methods.html.
21. Unicast reverse path forwarding. http://en.wikipedia.org/wiki/Reverse- path-forwarding.
22. Universal plug and play. http://en.wikipedia.org/wiki/Universal-Plug-and- Play/.
23. Useful statistics for web designers. http://www.tvidesign.co. uk/blog/useful-statistics- for- web- designers. aspx.
24. Verizon - our attention needed: Re-configure your email settings to send email. http://www22.verizon. com/ResidentialHelp/HighSpeed/General+Support/Top+ Questions/QuestionsOne/124274.htm.
25. Whois ip address/domain name lookup. http://cqcounter. com/whois/.
26. F. Baker and P. Savola. Ingress filtering for multihomed networks. In RFC 3704, 2004.
27. R. Beverly, A. Berger, Y. Hyun, and k claffy. Understanding the efficacy of deployed internet source address validation filtering. In In Proc. of IMC, 2009.
28. P. Ferguson and D. Senie. Network ingress filtering: Defeating denial of service attacks which employ ip source address spoofing. In RFC 2827, 2000.
29. S. Hao, N. A. Syed, N. Feamster, A. Gray, and S. Krasser. Detecting Spammers with SNARE: Spatiotemporal Network-level Automatic Reputation Engine. In Proceedings of Usenix Security Symposium, March 2009.
30. F. Li and M.-H. Hsieh. An empirical study of clustering behavior of spammers and group-based anti-spam strategies. In In Proc. of CEAS, 2006.
31. Z. M. Mao, L. Qiu, J. Wang, and Y. Zhang. On as-level path inference. In In Proc. of SIGMETRICS, 2005.
32. B. Medlock. An adaptive, semi-structured language model approach to spam filtering on a new corpus. In CEAS 2006 - Third Conference on Email and Anti-Spam, July 2006.
33. Z. Qian, Z. M. Mao, Y. Xie, and F. Yu. On network-level clusters for spam detection. In In Proc. of NDSS, 2010.
34. A. Ramachandran, N. Feamster, and S. Vempala. Filtering spam with behavioral blacklisting. In In Proc. of CCS, 2007.
35. T. Samak, A. El-Atawy, and E. Al-Shaer. Firecracker: A framework for inferring firewall policy using smart probing. In In the Proceedings of the fifteenth IEEE International Conference on Network Protocols (ICNP'07), 2007.
36. S. Sinha, M. Bailey, and F. Jahanian. Shades of Grey: On the Effectiveness of Reputation-based "Blacklists". In Malware 2008, 2008.
37. Spamhaus policy block list (PBL). http://www.spamhaus. org/pbl/, Jan 2007.
38. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. Your botnet is my botnet: Analysis of a botnet takeover. In In Proc. of CCS, 2009.
39. S. Venkataraman, S. Sen, O. Spatscheck, P. Haffner, and D. Song. Exploiting network structure for proactive spam mitigation. In In Proc. of USENIX Security Symposium, 2007.
40. G. Wang, B. Zhang, and T. S. E. Ng. Towards network triangle inequality violation aware distributed systems. In In Proc. of IMC, 2007.
41. H. Wang, C. Jin, and K. G. Shin. Defense against spoofed ip traffic using hop-count filtering. IEEE/ACM Trans. Netw., 2007.
42. X. Wang and M. K. Reiter. A multi-layer framework for puzzle-based denial-of-service defense. Int. J. Inf. Secur., 2008.
43. N. Weaver, R. Sommer, and V. Paxson. Detecting forged tcp reset packets. In In Proc. of NDSS, 2009.