Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham...
-
Upload
tamsyn-wilkerson -
Category
Documents
-
view
213 -
download
0
Transcript of Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham...
![Page 1: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/1.jpg)
Team Excel
What is SPAM ?
![Page 2: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/2.jpg)
Spam Offense Team Excel
'‘a distinctive chopped pork shoulder and ham mixture''
Image Source:Appscout.com
![Page 3: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/3.jpg)
Emails Misdirected into Honeypot
The domain name used in the study honeypot is not given
Opportunity for legitimate mail due to “typos”
Examples: [email protected] [email protected] [email protected] [email protected]
Image Source: Apple.com
Typos can happen!
![Page 4: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/4.jpg)
Primary Country Data is Misleading
Number of SMAM messages is not normalized against number of legitate messages
While China has a large number of SPAM messages, it also has the 2nd largest number of online Internet users
SPAM is a problem in China AND the U.S.
Example: Internet Population
Table 1: Top Spam Networks
Source: InternetWorldStats.com
![Page 5: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/5.jpg)
Route Stability
Route stability to determine whether or not a message is spam will be difficult and may result in false positives.
The short lived IP subnets, could be due to flapping of Internet links in which BGP is flushing/adding/then flushing the route.
Global Internet Threat The Backhoe Fiber Map Route Frequency
Source: Wired.com and Benmautner.com
![Page 6: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/6.jpg)
Black Lists
Blacklisting an entire AS runs the risk of blocking legitimate traffic and/or legitimate email
Blocking an IP address or group of IPs, especially in the case when NAT is used, could result in blocking legitimate mail
Image Source: Bonq.org
![Page 7: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/7.jpg)
Email ISP Selection
The trace file of "legitimate email" from an ISP could be partial to particular ISPs, depending on who the customers of the ISP communicate with
The demographics of the sample data may play a part in why email is seen from certain ISPs
Comparing "legitimate email" from an ISP, provides little value in comparison to the "SPAM email" sample
![Page 8: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/8.jpg)
Incomplete Data by Country
The data is not normalized. Saying Korea and China produce the most SPAM, may be true, however the total amount of email messages processed (both good and SPAM) is not given
It is possible China produces 10 times more email than other countries since the population is much higher
When normalized it is possible the percent of SPAM vs. non-SPAM is lower in China than other countries
![Page 9: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/9.jpg)
DNS registration Methodology
Using DNS name lookup only to collect spam limits the scope and type of spam received, such as mail received from Harvesters and mailing lists, thus limiting spammer capability types.
![Page 10: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/10.jpg)
BotNet
The generalization of Bobax data across all botnets will generate misleading results
Behavior may be different
![Page 11: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/11.jpg)
Spammers sending limited messages
The conclusion that hosts send finite messages to the sinkhole may be a symptom of the behavior of the sinkhole rather than the behavior of the botnet
![Page 12: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/12.jpg)
Route based spam detection
Route based spam detection is limited correlating route behavior to spam
There are many reasons for short lived routes, so detection of spam by detecting short lived routes will need to be used in conjunction with other methods to detect spam
![Page 13: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/13.jpg)
Spam Filters
What is the likely-hood of network level filters blocking legitimate e-mail?
What if a corporation makes a change to their MX records – will their technique cause issues?
Most corporate filters allow some spam through vs. risk blocking legitimate e-mail
![Page 14: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/14.jpg)
Destination Security
The results of the study could be flawed due to security measures on the Internet
The researchers attempts to trace back to hosts, may have been blocked by access-lists on routers, and/or firewalls
It is also conceivable the "hijack" of the botnet they performed may of caused other ISPs to "blacklist" the researchers thinking they were possible Spammers
![Page 15: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/15.jpg)
Intelligent Spammers
Study assumes that spamming technology is static
Spammers continually adjust tactics to minimize the effectiveness of new efforts of screening
![Page 16: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/16.jpg)
The SPAM Offensive Team
Glenn Allison
Bryan “BDT” Tabiadon
Joe Mathew
Dan Hoadley Raj Varma
Michael Ehrenhofer
![Page 17: Team Excel What is SPAM ?. Spam Offense Team Excel '‘a distinctive chopped pork shoulder and ham mixture'' Image Source:Appscout.com.](https://reader036.fdocuments.us/reader036/viewer/2022081603/56649da95503460f94a97021/html5/thumbnails/17.jpg)
Thank you
VOTE
OFFENSE